A sophisticated iPhone hacking toolkit named "Coruna" appears to have escaped its original purpose and fallen into the hands of foreign spies and cybercriminals. This exploit kit, which can infect an iPhone when its user merely visits a compromised website, suggests a troubling trend within cybersecurity circles.
Recent findings from Google’s security researchers reveal that Coruna is capable of exploiting various vulnerabilities within Apple’s iOS—specifically targeting versions between iOS 13 and 17.2.1. The toolkit reportedly utilizes five distinct hacking techniques to silently install malware on infected devices when users interact with malicious web content.
Initially, Coruna’s components were traced back to a surveillance company reportedly linked to a Russian espionage campaign targeting Ukrainians. After changing hands, the toolkit was found again in criminal operations aimed at exploiting Chinese-language cryptocurrency and gambling sites, demonstrating its versatile and dangerous nature.
iVerify, a mobile security company, further analyzed Coruna and hinted at its potential origins as a product developed for the U.S. government. This analysis is bolstered by shared aspects in Coruna’s code and previous hacking operations attributed to American intelligence activities. The toolkit’s complexity and professional quality suggest significant resources were employed in its creation.
The implications of such a development are profound. If the code indeed originates from U.S. governmental tools, it raises concerns about the security measures surrounding high-level hacking technologies. Spencer Parker, iVerify’s chief product officer, observed that while the malware added by cybercriminals appeared amateurish, the underlying Coruna toolkit was impressively sophisticated, indicative of a single, professional author behind its design.
This situation mirrors past events such as the leak of the EternalBlue hacking tool, which, once stolen from the NSA, led to widespread cyberattacks. Experts are warning that the Coruna case represents a similar risk—the emergence of once-government tools in the hands of adversarial hackers and criminal enterprises.
Current evidence indicates that approximately 42,000 iPhones might have already been compromised by Coruna in its criminal iteration alone. As questions linger over how such tools transition between circles—from state-sponsored espionage to cybercrime—the industry grapples with the risks posed by the burgeoning market for zero-day exploits and hacking tools.
In summary, the trajectory of Coruna highlights a critical juncture in cybersecurity, indicating the potential for U.S.-developed hacking tools to be misappropriated and repurposed by both adversaries and criminals, with far-reaching consequences for mobile security.