Google Warns of High-End iPhone Exploit Hunting Crypto Wallet Data ⋆ ZyCrypto


Security researchers at Google have warned of a new iOS exploit kit, Coruna, developed to steal sensitive user information for scam crypto sites. Experts consistently tracked the history and use of several devices alongside deployment patterns.

Are iOS Users Under Threat?

Google Threat Intelligence Group (GTIG) has raised an alarm on a new scammer kit targeting iPhone users. Coruna, also known as CryptoWaters, was designed to compromise older models of Apple phones running iOS 13 to iOS 17.2.1. 

This makes it ineffective against newer phones, but losses could still be high. Currently, experts say it comprises five chains with 23 exploits. According to the report, it was discovered last year and has been deployed by Russian and Chinese hackers. 

Initially, an alleged Russian espionage group targeted some Ukrainians before a similar model was seen on fake Chinese websites. When a user opens such a website on any of a range of devices, the exploit kit loads. It then begins a sophisticated scan for personal information, including key phrases and keywords, in order to steal crypto assets.

Analysis reveals that it uses fingerprinting to test for the post model before proceeding with authentication bypass, relying on a highly engineered framework.


Access to this information can lead to huge losses depending on the amount held in the wallet. Furthermore, it can specifically aim for crypto applications, raising concerns among digital asset holders. 

“Photon and Gallium are exploiting vulnerabilities that were also used as zero-days as part of Operation Triangulation, discovered by Kaspersky in 2023. The Coruna exploit kit also embeds reusable modules to ease the exploitation of the aforementioned vulnerabilities. For example, there is a module called rwx_allocator using multiple techniques to bypass various mitigations preventing allocation of RWX memory pages in userland,” they added.

This highlights growing concerns about crypto exploits that result in huge losses. Although such theft is not peculiar to digital assets, crypto has become a preferred tool for bad actors due to the greater anonymity it offers compared to fiat currencies. Besides exploits deployed on devices, hackers still directly drain exchanges and decentralized protocols.

Last year, Trust Wallet users lost about $7 million following an update to its Chrome extension. However, crypto hacks plummeted in the last quarter compared to the previous three. Still, blockchain security firms are calling for broader DeFi education, password protection, and white-hat bug bounty programs.



Source: https://zycrypto.com/google-warns-of-high-end-iphone-exploit-hunting-crypto-wallet-data/