Google Uncovers iPhone Exploit Kit Targeting Crypto Wallets

• GTIG mentioned that it came across parts of an iOS exploit in February last year in which a consumer used JavaScript to fingerprint the device.
• The kit also looks for prominent crypto apps, comprising Uniswap and MetaMask, to have crypto or sensitive information. 

Google’s threat researchers reveal that they have unveiled a new exploit kit aiming at Apple iPhone users, targeted at stealing crypto wallet seed phrases. The kit, referred to as ‘Coruna’ by its developers, aims at iPhones working on iOS versions 13.0 up to 17.2.1. 

It contains five complete iOS exploit chains and around 23 exploits, comprising ones that were so far unknown to the public, the Google Threat Intelligence Group (GTIG) mentioned in a report on March 4. 

The group revealed that it first found the kit in February 2025 and has since traced its applications by a suspected Russian espionage group against Ukrainians and then to fake Chinese crypto websites that target the theft of crypto. 

GTIG further mentioned that the kit does not run with the latest version of iOS and requested iPhone users update their devices to the latest software version. If that is not possible, users should put the phone in lockdown mode, which, according to Apple, can help in countering sophisticated attacks. 

What Does GTIG Further Mention? 

GTIG mentioned that it came across parts of an iOS exploit in February last year in which a consumer of a surveillance company used JavaScript to fingerprint the device to offer the correct exploit. 

Further, in the same year, it found the same JavaScript framework concealed on various compromised Ukrainian websites that was solely delivered to selected iPhone users from a particular geolocation. 

GTIG mentioned that it found the similar substructure in December on a very big set of fake Chinese websites often associated with finance, comprising one that spoofed the crypto exchange WEEX. 

When a user has access to the website with an iOS device, the substructure gives the exploit kit and hunts for financial information, comprising analysing texts having seed phrases and keywords like ‘backup phrase’.  

The kit also looks for prominent crypto apps, comprising Uniswap and MetaMask, to have crypto or sensitive information. 

Highlighted Crypto News Today: 

UK Reform Party Races Ahead Through Crypto Donations