Google cybersecurity experts have highlighted a new hacking tool that is being used and have issued a warning against it.
With smartphone upgrades and new features arriving at a rapid pace, many people have gotten used to switching devices regularly — sometimes every year.
But as manufacturers promote stronger privacy protections and security upgrades, cybercriminals continue refining the methods they use to access personal information and, in some cases, money.
In a Google Cloud blog post published on March 3, security researchers detailed a newly observed toolkit being used to compromise iPhones.
The spyware has been dubbed ‘Coruna’ and was first identified by researchers at Google’s Threat Intelligence Group (GTIG).
The blog post read: “Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023).
“The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of 23 exploits.
“The Coruna exploit kit provides another example of how sophisticated capabilities proliferate.”
In practical terms, these “exploits” refer to techniques that can be chained together to break into devices and circumvent built-in protections on Apple hardware.
Researchers suggested that once the toolkit is successfully deployed, it may be capable of capturing text and accessing private data stored on a phone, including photos, notes, and financial details.
According to a Mail Online report, part of the toolkit’s focus is Apple’s Safari browser, and it can be activated in different ways — including when a user clicks a malicious link.
Google’s post added that Coruna has reportedly appeared in “highly targeted operations.” The individuals behind those incidents are suspected to include a “Russian espionage group” as well as a “financially motivated threat actor operating from China.”
The post also addressed why sharing the findings matters, particularly for users who could be exposed to similar attacks.
The post continued: “Following our disclosure policy, we are sharing our research to raise awareness and advance security across the industry. We have also added all identified websites and domains to Safe Browsing to safeguard users from further exploitation.”
Google also emphasized that Coruna is not effective against the most recent iOS release.
Users were urged to install the latest iOS updates available for their device to reduce the risk of exploitation and ensure the strongest protections are in place.