This article was not written by Cryptofolio.dev. Please refer to the media outlet named in the article body.

“Compromised Just by Visiting”… iPhone Hacking Tool Also Targeted Crypto Users

2026-03-05 (Thu) 07:03

▲ iPhone, cryptocurrency, hacking/AI-generated image

Security experts and cryptocurrency investors worldwide are on high alert following reports that the U.S. government may be behind a powerful iPhone hacking tool capable of infecting a device when its user simply visits a malicious website.

According to crypto-focused media outlet Decrypt on March 4 (local time), GTIG discovered a hacking tool called Coruna that disables iPhone security systems. Coruna includes five attack chains and 23 vulnerabilities targeting devices running iOS versions 13 through 17.2.1. Even if the user does not click on a link, merely visiting a website is enough for Coruna to identify the device via JavaScript and then deploy customized malware, demonstrating highly sophisticated techniques.

GTIG first identified Coruna in early 2025 during an attack involving a client of a commercial surveillance software company. By mid-2025, the suspected Russian spy group UNC6353 used Coruna to selectively target iPhone users after compromising Ukrainian websites. Toward the end of the year, Coruna was discovered again across hundreds of Chinese-language websites designed for cryptocurrency and financial fraud, where scammers lured victims and injected malicious code.

Mobile security firm iVerify claimed that Coruna’s design reflects technical characteristics typically associated with the U.S. government. “Coruna is an extremely sophisticated tool developed with millions of dollars in funding and shares similarities with other modules reportedly built by the U.S. government,” said Rocky Cole, co-founder of iVerify. Cole noted that this may be the first known instance of a U.S. government-developed tool falling out of control and being exploited by cybercriminal groups.

According to iVerify’s analysis, a single Chinese-language fraud campaign is estimated to have hacked approximately 42,000 devices. Coruna exploits vulnerabilities in Apple’s WebKit browser engine and evades detection by encrypting its payload and delivering it in a compressed proprietary file format. Infected devices were found to communicate with command-and-control servers to steal user information or facilitate financial fraud.

Apple has since patched all related vulnerabilities in the latest version of its operating system currently being distributed. GTIG strongly urged iPhone users to update to the latest OS immediately. If updating is not possible, users are advised to enable Apple’s Lockdown Mode for additional protection. Experts also recommended avoiding outdated devices and rigorously managing security patches to ensure the safety of cryptocurrency holdings.