MarketAlert – Real-Time Market & Crypto News, Analysis & AlertsMarketAlert – Real-Time Market & Crypto News, Analysis & Alerts
Font ResizerAa
  • Crypto News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFTs
    • Press Releases
    • Latest News
  • Blockchain Technology
    • Blockchain Developments
    • Blockchain Security
    • Layer 2 Solutions
    • Smart Contracts
  • Interviews
    • Crypto Investor Interviews
    • Developer Interviews
    • Founder Interviews
    • Industry Leader Insights
  • Regulations & Policies
    • Country-Specific Regulations
    • Crypto Taxation
    • Global Regulations
    • Government Policies
  • Learn
    • Crypto for Beginners
    • DeFi Guides
    • NFT Guides
    • Staking Guides
    • Trading Strategies
  • Research & Analysis
    • Blockchain Research
    • Coin Research
    • DeFi Research
    • Market Analysis
    • Regulation Reports
Reading: Google flags crypto scams powered by new iPhone exploit kit
Share
Font ResizerAa
MarketAlert – Real-Time Market & Crypto News, Analysis & AlertsMarketAlert – Real-Time Market & Crypto News, Analysis & Alerts
Search
  • Crypto News
    • Altcoins
    • Bitcoin
    • Blockchain
    • DeFi
    • Ethereum
    • NFTs
    • Press Releases
    • Latest News
  • Blockchain Technology
    • Blockchain Developments
    • Blockchain Security
    • Layer 2 Solutions
    • Smart Contracts
  • Interviews
    • Crypto Investor Interviews
    • Developer Interviews
    • Founder Interviews
    • Industry Leader Insights
  • Regulations & Policies
    • Country-Specific Regulations
    • Crypto Taxation
    • Global Regulations
    • Government Policies
  • Learn
    • Crypto for Beginners
    • DeFi Guides
    • NFT Guides
    • Staking Guides
    • Trading Strategies
  • Research & Analysis
    • Blockchain Research
    • Coin Research
    • DeFi Research
    • Market Analysis
    • Regulation Reports
Have an existing account? Sign In
Follow US
© Market Alert News. All Rights Reserved.
  • bitcoinBitcoin(BTC)$76,356.001.20%
  • ethereumEthereum(ETH)$2,316.830.02%
  • tetherTether(USDT)$1.00-0.01%
  • rippleXRP(XRP)$1.441.15%
  • binancecoinBNB(BNB)$633.901.18%
  • usd-coinUSDC(USDC)$1.00-0.01%
  • solanaSolana(SOL)$85.810.45%
  • tronTRON(TRX)$0.3292660.15%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.031.33%
  • dogecoinDogecoin(DOGE)$0.0952910.41%
Crypto NewsAltcoins

Google flags crypto scams powered by new iPhone exploit kit

rahulbadiyafad150c105
Last updated: March 5, 2026 12:26 pm
rahulbadiyafad150c105
Published: 2 months ago
Share

Security researchers at Google say they have discovered a new exploit kit targeting Apple iPhone users, designed to steal cryptocurrency wallet seed phrases.

Contents
  • Fake sites used to deliver the exploit
  • Debate over possible US intelligence links

The toolkit, called “Coruna” by its developers, targets iPhones running iOS versions 13.0 through 17.2.1. According to a report released Wednesday by the Google Threat Intelligence Group (GTIG), the kit contains five complete iOS exploit chains and 23 total exploits, including several that had not previously been disclosed publicly.

GTIG said it first detected the exploit kit in February 2025 and has since observed it being used by a suspected Russian espionage group targeting Ukrainian users. Researchers later found it linked to fake Chinese cryptocurrency websites designed to steal digital assets.

The group noted that the exploit kit does not work on the latest version of iOS and urged iPhone users to update their devices to the newest software. For those unable to update, enabling Lockdown Mode — a security feature provided by Apple — can help defend against advanced cyberattacks.

Fake sites used to deliver the exploit

GTIG said it initially identified parts of the exploit in February 2025 when a surveillance company’s client used JavaScript to fingerprint a device and deliver the appropriate exploit.

Later in the year, researchers found the same JavaScript framework embedded on several compromised Ukrainian websites. The malicious code was configured to target only specific iPhone users located in certain geographic regions.

According to the Google Threat Intelligence Group (GTIG), the same exploit framework was later discovered in December on a large network of fake Chinese websites, many posing as financial platforms. One of the sites even impersonated the cryptocurrency exchange WEEX.

When an iPhone user visits these sites, the framework deploys the exploit kit and searches the device for financial data. It scans messages for sensitive terms such as “backup phrase” or “bank account,” attempting to capture cryptocurrency wallet seed phrases.

The malware also targets widely used crypto applications like Uniswap and MetaMask, aiming to extract digital assets or other sensitive information.

Debate over possible US intelligence links

GTIG did not reveal the identity of the surveillance company customer believed to be connected to the exploit kit. However, mobile security firm iVerify told WIRED that the toolkit may have been developed or acquired by the United States government.

“It’s highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government,” iVerify co-founder Rocky Cole said.

Cole added that this could represent the first case where tools likely originating from US government development — based on analysis of the code — have spread beyond their intended use and ended up in the hands of adversaries and cybercriminal groups.

However, a principal security researcher at Kaspersky told The Register that there is currently no clear evidence in published reports showing code reuse that would link Coruna to the same developers.

Share this:

  • Share on X (Opens in new window) X
  • Share on Facebook (Opens in new window) Facebook

Like this:

Like Loading...

Related

WISeKey Reports FY 2025 Preliminary Financial Results
TrumpRx launched in Tennessee. See the list of drugs available
Bitcoin Mining Giants Pivot to AI as Sector Faces New Divides
Celo Integrates Morpho, with Institutional-Grade Vaults Curated by Feather
Chainlink Co-Founder Sergey Nazarov Identifies Fundamental Market Shift as Bitcoin Hyper Ecosystem Expands | Cryptocurrency Market News | CryptoRank.io
TAGGED:AltcoinBlockchaincryptocurrenciesHacksiOSiPhoneScams & Cybercrime

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Email Copy Link Print
Previous Article >>>
Next Article Crypto Prices Today: Bitcoin Reclaims $72,000, XRP Up 5.79% at $1.42 as Iran-US Peace Hopes Trigger Rally
© Market Alert News. All Rights Reserved.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Username or Email Address
    Password

    Prove your humanity


    Lost your password?

    %d