Google has issued a serious warning about a sneaky iPhone exploit kit called "Coruna." It actively targets users with older iOS versions. This is significantly affecting crypto enthusiasts, draining their wallets while they sleep. If you’re still using iOS 14 or earlier, this could be a wake-up call for you.

A Predator in the App Shadows

Google's Threat Analysis Group (TAG) discovered "Coruna" in underground forums. This exploit kit is a scammer's dream. It contains a set of malicious code designed to infiltrate iPhones through phishing links or questionable apps, often disguised as enticing crypto investment tips. Once it gets in, it takes advantage of weaknesses in WebKit, giving attackers full remote control. What makes "Coruna" particularly dangerous is its focus on stealing crypto. Attackers use it to install keyloggers, clipboard hijackers that snatch copied wallet addresses, and screen recorders. Imagine approving a transaction, only to find that scammers have rerouted your Bitcoin to their offshore accounts. TAG reports that it has been sold since late 2025, with prices starting at $5,000 per kit. Older iOS versions are prime targets because Apple patched these vulnerabilities in iOS 15 and later. iOS 14.8, still running on millions of devices, is especially vulnerable. Google tracked campaigns targeting users in Europe and Asia, but with the global appeal of crypto, anyone could be affected.

Why Crypto Users Are in the Crosshairs

Crypto's attraction makes it easy prey for scammers. "Coruna" thrives in this environment because iPhone users dominate popular crypto apps like MetaMask or Trust Wallet. Scammers send SMS or Telegram messages like, "Claim your free ETH airdrop!" If you click, your seed phrase is compromised. This isn't a one-off incident. TAG connects "Coruna" to larger state-sponsored and financially motivated hacks. Similar techniques appeared in 2025's "Operation Triangulation," where iPhones were compromised with zero clicks. However, "Coruna" makes it accessible to even amateur hackers, boosting the prevalence of scams. Victims have reported losses ranging from $1,000 with Ethereum flips to entire life savings. One Reddit user shared a story about losing 2 BTC ($120K) after clicking a "legit" NFT mint link.

How It Works

1. Lure: Fake crypto promotion via email, SMS, or Discord.

2. Infection: Victim clicks the link, and the exploit uses WebKit bugs to silently jailbreak the device.

3. Payload: Malware contacts the attacker, stealing crypto data and manipulating transactions.

4. Cover-Up: Device reboots as normal, leaving no trace until your balance is empty.

Protect Yourself

Update to iOS 17 or later immediately (Settings > General > Software Update). Enable Lockdown Mode if you’re at high risk. Use hardware wallets like Ledger for large holdings and avoid clicking on unsolicited links; always verify through official channels. Install reputable security apps like Malwarebytes, enable two-factor authentication everywhere, and carefully check app permissions. When using crypto exchanges, stick to verified ones that offer withdrawal whitelists. Google advises reporting any suspicious activity to Apple's Product Security team.

The Bigger Picture

"Coruna" highlights the weaknesses in mobile security, especially as crypto becomes more mainstream. Apple needs to speed up patching, and users should move away from outdated devices. In India's expanding crypto market, this issue is urgent, with increasing scams amid changing regulations.