iPhone Alert: Google Exposes Sophisticated iOS Crypto Phishing Kit "Coruna" in 2026
- What Is Coruna, and How Does It Target iPhone Users?
- Why Is Coruna Especially Dangerous for Crypto Holders?
- How to Shield Your iPhone from Coruna Attacks
- The Bigger Picture: Crypto Phishing in 2026
- FAQs: Your Coruna Questions Answered
Google's Threat Intelligence Group (GTIG) has uncovered "Coruna," a high-tech iOS exploit kit targeting iPhone users on iOS versions 13.0 to 17.2.1 through crypto phishing scams. The kit steals wallet recovery phrases via malicious websites, often disguised as crypto platforms. Apple has patched some vulnerabilities, but devices that have not been updated remain at risk. Protect yourself by updating iOS, enabling Lockdown Mode, and avoiding suspicious links. Hardware wallets like Ledger or Trezor add extra security. Stay vigilant: crypto scams are evolving fast!
What Is Coruna, and How Does It Target iPhone Users?
In February 2026, Google's GTIG dropped a bombshell: Coruna, a state-grade iOS exploit kit, is actively draining crypto wallets. This isn’t your average phishing scam—it’s a multi-stage attack that identifies iPhones via JavaScript, delivers tailored exploits, and extracts sensitive data in seconds. Victims typically lose funds after visiting fake crypto sites (often Chinese-language platforms) or clicking phishing links. Coruna’s code shares eerie similarities with tools previously linked to government-backed hackers, though its exact origins remain murky. Apple has since patched some flaws, but as the BTCC security team notes, "Attackers adapt faster than patches roll out."

Why Is Coruna Especially Dangerous for Crypto Holders?
Coruna doesn’t just steal passwords; it specifically hunts for crypto wallet recovery phrases. Imagine typing your 12-word seed phrase into what looks like a legitimate MetaMask site, only to watch your Ethereum vanish. That’s Coruna in action. GTIG found the kit targeting Ukrainian users and fake Chinese crypto exchanges, suggesting geopolitical motives. Unlike simpler scams, Coruna uses "zero-click" exploits for devices running iOS 13.0 to 17.2.1 (yes, that includes relatively recent versions). As of March 2026, CoinMarketCap reports over $200M in crypto stolen via similar iOS exploits this year alone.
How to Shield Your iPhone from Coruna Attacks
1. Update iOS. Apple’s iOS 17.3+ patches critical Coruna vulnerabilities. Delaying updates is like leaving your vault unlocked.
2. Enable Lockdown Mode. Found in Settings > Privacy & Security, this feature blocks complex attacks by restricting risky functions.
3. Double-check URLs. Scammers clone sites like Uniswap or Coinbase with subtle typos (e.g., "Coinbasse.app").
4. Use a hardware wallet. Trezor or Ledger devices keep keys offline, so Coruna can’t touch them.
5. Avoid suspicious links and offers. Free NFT mints or 2X airdrop promises are classic bait.
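The "Coinbasse.app" style of typo in item 3 can be caught mechanically before a link is opened. The following is an added example, not code from GTIG or from this article: it compares each hostname label against a small allowlist using an edit distance that also counts swapped adjacent letters. The allowlist, the function names and the last-two-labels shortcut for the registrable domain are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the user really intends to visit (illustrative).
TRUSTED = {"coinbase.com", "uniswap.org", "metamask.io"}
BRANDS = {d.split(".")[0] for d in TRUSTED}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url, max_distance=1):
    """Return 'trusted', 'lookalike' or 'unknown' for a URL or bare hostname."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse a bare hostname
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    # Naive registrable domain (last two labels); a production check
    # would consult the Public Suffix List instead.
    if ".".join(labels[-2:]) in TRUSTED:
        return "trusted"
    # Non-ASCII or punycode labels can hide homoglyphs of a trusted name,
    # so this sketch treats every such host as a lookalike.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike"
    # A trusted brand, or a near miss of one, in any label of an untrusted host.
    for label in labels[:-1]:
        if any(osa_distance(label, b) <= max_distance for b in BRANDS):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://www.coinbase.com/signin", "Coinbasse.app", "https://unsiwap.org/"):
        print(sample, "->", classify(sample))
```

A "lookalike" verdict means the link should not be opened; "unknown" only means the host resembles nothing on the allowlist, not that it is safe.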

The Bigger Picture: Crypto Phishing in 2026
Coruna isn’t an isolated threat. According to TradingView data, crypto-related mobile attacks surged 300% since 2025. Why? iPhones are perceived as "secure," making users complacent. Meanwhile, hackers weaponize Apple’s ecosystem—like abusing Safari’s WebKit to bypass firewalls. GTIG’s report hints at nation-state involvement, with code fragments resembling North Korea’s Lazarus Group tools. While Google and Apple now collaborate on threat alerts, security experts warn: "No patch can fix human curiosity."
FAQs: Your Coruna Questions Answered
How do I know if my iPhone was infected by Coruna?
Check for unusual battery drain, unfamiliar apps, or sudden crypto transactions. Run a malware scan with tools like Malwarebytes.
Does Coruna affect Android or desktop users?
No—it’s exclusively designed for iOS vulnerabilities. But Android has its own exploit kits, like "Chameleon."
Can I recover stolen crypto from a Coruna attack?
Unfortunately, blockchain transactions are irreversible. Prevention is your only real defense.