Apple consumers are currently being targeted by a significant new cybersecurity threat. Researchers at Google Cloud's Mandiant have issued a warning regarding the Coruna exploit kit, a complex collection of tools intended to target iPhones running iOS 13 to 17.2.1.

The advisory claims that the kit already uses 23 separate vulnerabilities for cryptocurrency theft and espionage. With millions of people using mobile devices to manage digital assets, this development creates serious security risks.

• Coruna Exploit Kit Expands iOS Vulnerabilities
• Crypto Theft & Espionage Capabilities
• Growing Pattern of Mobile Crypto Security Risks
• Immediate Steps iOS Users Should Take

Coruna Exploit Kit Expands iOS Vulnerabilities

The size and complexity of the Coruna exploit kit are concerning. It combines 23 distinct vulnerabilities affecting iOS versions 13 through 17.2.1 rather than taking advantage of a single vulnerability. The number of potentially exposed devices is greatly increased by this wide reach.

Exploit kits automate attacks. The kit looks for vulnerabilities on the device and launches the most efficient exploit chain when a user clicks on a malicious link or visits a hacked website. If they are successful, attackers can get deep system access, escalate privileges, and get beyond security measures.

According to Google's Threat Intelligence data, financially motivated groups are increasingly adopting methods that were previously mostly utilised by state-sponsored attackers. This change is seen in Coruna, which combines sophisticated technical techniques with theft activities centred around cryptocurrency.

Crypto Theft & Espionage Capabilities

It is evident from Mandiant's warning that Coruna is being utilised for multiple purposes. Both financially driven attacks on bitcoin holders and espionage operations have been connected to the exploit kit.

A lot of customers use their iPhones to access exchanges, wallets, and decentralised apps. If attackers can gain browser sessions, saved passwords, or authentication tokens, they may be able to steal money without being immediately detected.

Crypto theft is frequently irreversible in contrast to regular banking fraud. Recovery becomes increasingly challenging after assets are transferred on-chain. Because of this, cybercriminal organisations find exploit kits that target mobile devices very appealing.

Given that cell phones frequently store a variety of banking apps, email accounts, identity documents, and authentication tools in one location, Google has frequently highlighted that threat actors are moving toward mobile-first tactics.

Coruna exploit kit is targeting iOS.

Coruna leverages 23 exploits against Apple devices running iOS 13-17.2.1. It is being used for espionage, and by financially motivated actors to steal crypto.

Update your iOS devices, and learn more about this threat: https://t.co/c7QRDPWMKI pic.twitter.com/l8rK9ZOLsw

— Mandiant (part of Google Cloud) (@Mandiant) March 3, 2026

Growing Pattern of Mobile Crypto Security Risks

There is more to the Coruna exploit than merely this. It is part of a larger trend of increasing cyberthreats tied to cryptocurrency that target mobile users.

For instance, we recently wrote a blog post titled MetaMask Alert: Protect Your Wallet from Cyber Threats, which discussed the rise in malware campaigns targeting wallets. The paper went into great detail about phishing-based malware and security issues with cryptocurrency wallets.

In order to breach digital wallets, the paper highlighted how attackers are mixing social engineering and technical flaws. The danger increases when combined with exploit kits such as Coruna. A hacked device can intercept authentication flows or covertly reveal wallet credentials.

This coordinated trend demonstrates the increasingly close relationship between smartphone vulnerabilities and crypto theft tactics. Exploit infrastructure is now actively marketed rather than experimental.

Immediate Steps iOS Users Should Take

Mandiant's recommendations strongly suggest updating impacted devices right now. Exploit kits usually rely on users postponing security upgrades that Apple regularly publishes.

Using out-of-date iOS versions greatly increases exposure. Attackers frequently examine security updates to determine what was resolved before focusing on people who haven't updated.

In addition to updating iOS, security professionals advise:

• Turning on system updates automatically.
• Avoiding dubious downloads or unidentified connections.
• Using hardware wallets to handle large amounts of cryptocurrency.
• Keeping an eye out for odd gadget behaviour like unexpected pop-ups or overheating.
• Keeping high-value cryptocurrency management apart from regular browsing.

In the age of digital assets, mobile cybersecurity has grown crucial, as evidenced by the emergence of exploit kits such as Coruna. Attackers are quickly changing as more financial activity shifts to cell phones, fusing technological accuracy with financial incentive.

If you find any issues in this article or notice missing information, please feel free to reach out at team@etherworld.co for clarifications or updates.

To promote your Web3 articles, events, and projects, you may reach out anytime via EtherWorld PR for submissions and collaboration.

Related Articles

1. Uniswap Wins Major DeFi Lawsuit as US Court Dismisses Claims
2. X Policy Update Opens Door to Crypto Paid Promotions
3. ZachXBT Alleges Insider Trading at Axiom Exchange
4. MetaMask Card Brings Crypto Spending to the US
5. Brazil’s Banco Braza Launches BBRL Stablecoin on Polygon

To follow blockchain news, track Ethereum protocol progress, and read our latest stories, subscribe to our weekly today.