A sneaky new threat called the Coruna exploit kit is hitting iPhone users hard by stealing crypto wallet secrets without them even knowing. Google’s experts just uncovered this powerful tool that turns everyday websites into traps for your digital money. What started as spy tech now lets thieves drain accounts on a massive scale, leaving millions at risk if they skip updates.
Google’s Threat Intelligence Group spotted the Coruna kit in action. This tool packs 23 exploits across five chains to break into iPhones running old software.
It first showed up in early 2025 for government spying jobs. Now, bad guys use it to grab crypto details from users.
The kit has shifted from secret ops to open theft, putting everyday iPhone owners in the crosshairs. Experts say it targets versions from iOS 13.0, released in 2019, all the way to iOS 17.2.1, released in late 2023.
Researchers at iVerify call it CryptoWaters for its focus on wallet data. They found it stealing seed phrases that unlock funds in apps like MetaMask.
How the Exploit Kit Works on iPhones
Crooks hide the kit on fake gambling sites and phony crypto exchanges. These act as watering holes where victims stop by without a clue.
Once you visit, the kit strikes fast with no clicks needed. It uses drive-by attacks to slip in and scrape sensitive info.
One key flaw it hits is CVE-2024-23222 in WebKit, fixed by Apple in January 2024. The kit chains bugs to climb from web access to full device control.
Users on outdated iOS face the worst danger. Thousands of iPhones already fell to this in 2025 campaigns, per Google’s data. It reads like a step-by-step invasion, starting with a simple page load.
The process breaks down like this:
- The victim lands on a booby-trapped site.
- The kit triggers remote code execution in Safari.
- It escalates privileges to access wallet data.
- It sends the stolen seeds to the thieves' servers.
Apple’s Fixes and Why Updates Matter
Apple patched the main holes in iOS 17.3 back in January 2024. Newer versions block the whole kit cold.
But many devices lag behind. Stats from 2025 show over 20 percent of iPhones still run iOS 16 or older, based on usage reports from app analytics firms.
Sticking to fresh software is your best shield against tools like Coruna. If updates fail, turn on Lockdown Mode right away. It cuts off risky features to slow down attackers.
Google added the malicious sites to its Safe Browsing list for extra protection. Chrome and other apps that use the list now show a warning before those pages load.
One quick tip stands out. Check your iOS version in settings today and hit update if needed.
| iOS Version Range | Release Years | Risk Level from Coruna |
|---|---|---|
| 13.0 to 15.x | 2019-2021 | High |
| 16.0 to 17.2.1 | 2022-2023 | Medium to High |
| 17.3 and later | 2024 onward | Low (Patched) |
This table shows how time plays into the threat. Older phones need urgent attention.
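An added example, not code from Google, iVerify or Apple: a short Python script that sorts a device inventory into the risk bands from the table above. The device names and versions are constructed sample data, and the "unlisted" label for versions older than 13.0 is an assumption, since the article gives no band for them.

```python
import re

FIRST_TARGETED = (13, 0, 0)  # oldest iOS version the article says the kit targets
FIRST_PATCHED = (17, 3, 0)   # release the article says blocks the kit

def parse_ios_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def coruna_risk(version_text):
    """Map an iOS version string to the risk band from the article's table."""
    v = parse_ios_version(version_text)
    if v is None:
        return "unknown"          # unparseable: needs a manual check
    if v >= FIRST_PATCHED:        # tuple compare, so 17.10 > 17.3
        return "low (patched)"
    if v < FIRST_TARGETED:
        return "unlisted"         # assumption: article gives no band below 13.0
    return "high" if v[0] <= 15 else "medium to high"

def needs_update(inventory):
    """Names of devices that are not on a patched release, in input order."""
    return [name for name, ver in inventory if coruna_risk(ver) != "low (patched)"]

# Constructed sample inventory (hypothetical names), e.g. rows from an MDM export.
INVENTORY = [
    ("alice-iphone", "15.8.2"),
    ("bob-iphone", "17.2.1"),
    ("carol-iphone", "17.10"),
    ("dave-iphone", "18.1"),
    ("lab-device", "12.5.7"),
    ("erin-iphone", "n/a"),
]

if __name__ == "__main__":
    for name, ver in INVENTORY:
        print(f"{name:14} {ver:8} {coruna_risk(ver)}")
    print("Update or isolate:", ", ".join(needs_update(INVENTORY)))
```

Versions are compared as number tuples rather than strings, so a two-digit minor release is not mistaken for an older one.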
The Shift from Spies to Street Thieves
Coruna started with a surveillance firm serving governments. It leaked and landed with Russian spies hitting Ukraine targets.
Now, Chinese cybercriminals run it for profit. They aim at crypto fans, turning spy tricks into wallet raids.
This trend worries experts. High-end tools once reserved for nations now flood criminal markets. A 2025 report from security firms noted a 40 percent jump in reused exploits for theft.
It blurs lines between state hacks and personal scams, hitting regular folks hardest. iPhone users lose not just money but trust in their devices.
Victims report drained accounts worth thousands. One case from late 2025 saw a user lose 5 Bitcoin after a fake exchange visit.
The bigger picture? Mobile threats grow as crypto booms. Billions in digital assets sit vulnerable on phones daily.
As this story unfolds, the real fear is how fast these kits spread. Everyday browsing turns risky when old software meets new greed.
In the end, the Coruna saga shows how fast dangers evolve in our connected world. iPhone owners must stay vigilant with updates to guard their hard-earned crypto. This breach shakes faith in tech security, but simple steps like enabling protections bring hope against the tide.

