Cybersecurity researchers have uncovered a highly advanced iPhone hacking toolkit that may have already infected tens of thousands of devices worldwide.
The toolkit, known as Coruna, allows attackers to silently install malware on an iPhone simply by getting the user to visit a compromised website. No downloads, clicks, or obvious interaction are required.
What makes this discovery particularly concerning is the level of sophistication involved, suggesting it was originally built with significant funding and expertise.
Coruna isn’t just a single vulnerability — it’s a collection of multiple exploits working together.
Researchers found that it uses 23 different weaknesses in Apple’s iOS software. These vulnerabilities allow attackers to bypass several layers of built-in iPhone security protections.
Once triggered through a website, the toolkit can:
Install malware without the user knowing
Access photos and personal files
Extract emails and other sensitive data
Steal cryptocurrency stored on the device
Because the attack runs through a browser component, simply visiting an infected site could be enough for the attack to succeed.
Security analysts believe the toolkit has changed hands multiple times, appearing in different cyber campaigns.
At various points, versions of the exploit were used for:
Surveillance operations
Targeted espionage campaigns
Criminal attacks aimed at stealing cryptocurrency
This suggests the toolkit has circulated through multiple organisations and threat groups. Not great.
Tools like Coruna are extremely rare. Creating something this complex requires significant time, funding, and technical skill.
When sophisticated exploit frameworks escape their original environment and start circulating more widely, they can end up being reused or modified by other attackers.
Cybersecurity experts often compare situations like this to past incidents where powerful hacking tools eventually spread across the internet and were reused in large-scale cyberattacks.
Based on network traffic linked to one campaign using the toolkit, researchers estimate that over 40,000 devices may have already been compromised.
However, the real number could be higher, as different versions of the exploit may have been used in other campaigns that are harder to track.
The vulnerabilities used by the toolkit have now been patched in the latest versions of iOS.
That means the best protection is to keep your device fully updated.
Practical steps include:
Installing the latest iOS updates
Avoiding suspicious or unknown websites
Enabling advanced security features where available
Keeping devices updated remains one of the most effective ways to protect against new cyber threats.
We hope you’ve liked this blog. Stay tuned for more blogs like this. Stay safe!
