A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
Briefly

"Apple notes that Apple patched vulnerabilities used by Coruna in the latest versions of its mobile operating system, iOS 18, so its exploitation techniques are only confirmed to work against iOS 13 through 17.2.1. It targets vulnerabilities in Apple's Webkit framework for browsers, so Safari users on those older versions of iOS would be vulnerable."
"iVerify says Coruna likely infected tens of thousands of phones. The company consulted with a partner that has access to network traffic and counted visits to a command-and-control server for the cybercriminal version of Coruna infecting Chinese-language websites. The volume of those connections suggest, iVerify says, that roughly 42,000 devices may have already been hacked."
"In iVerify's analysis of the cybercriminal version of Coruna, the company found that the code appeared to have been altered to plant malware on target devices designed to drain cryptocurrency from crypto wallets as well as steal photos and, in some cases, emails. Those additions, however, were poorly written compared to the underlying Coruna toolkit."
Coruna is a sophisticated exploitation toolkit targeting iOS devices through WebKit vulnerabilities in Safari on iOS 13 through 17.2.1. Apple patched these vulnerabilities in iOS 18, rendering the confirmed exploitation techniques ineffective on current versions. The toolkit avoids devices with Lockdown Mode enabled. iVerify estimates roughly 42,000 devices were infected in cybercriminal campaigns targeting Chinese-language websites, though the total victim count, including potential Ukrainian targets of suspected Russian espionage operations, remains unknown. Cybercriminals modified Coruna to deploy malware that steals cryptocurrency and personal data, though these additions were poorly coded compared to the professionally engineered underlying toolkit.
Read at WIRED