PANews March 5 News, according to Cointelegraph reports, the Google Threat Intelligence Group released a report stating that a new iOS exploit kit called “Coruna” has been discovered. It targets iPhones running iOS 13.0 to 17.2.1 to steal cryptocurrency wallet seed phrases. The kit includes 5 complete iOS exploit chains and 23 vulnerabilities, some of which were previously undisclosed.
GTIG first identified this kit in February 2025 and traced it to being used by suspected Russian espionage groups against Ukrainian users. It later appeared on fake Chinese crypto websites, aiming to steal digital assets. When users access these sites via iOS devices, the kit scans for text containing seed phrases, “backup phrases,” “bank accounts,” and other keywords, and extracts sensitive information from crypto apps like Uniswap and MetaMask. GTIG urges iPhone users to update their devices to the latest iOS version or enable “Lockdown Mode” to defend against attacks. The kit is not compatible with the latest iOS versions.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Aftermath Finance Opens Claims Page for Attack-Affected Users Following Last Week's Incident
According to Sui's official statement on X, Aftermath Finance has opened a claims page for users affected by last week's attack, with all refunds processed. When users reconnect to aftermath.finance, the system will prompt them to withdraw balances from Aftermath Perps. Affected users can contact th
GateNews1h ago
Ripple Shares North Korean Hacker Intelligence with Crypto Industry as Attack Methods Shift to Social Engineering
According to BlockBeats, on May 5, Ripple announced it is sharing internal threat intelligence about North Korean hackers with the crypto industry through Crypto ISAC. The move addresses a fundamental shift in attack methodology: rather than exploiting smart contract code vulnerabilities, threat act
GateNews1h ago
Tydro Halts All Markets on May 5 Due to Oracle Issue; User Funds Safe
According to BlockBeats, Tydro, a lending protocol in the Ink ecosystem, suspended all markets on May 5 following a third-party oracle issue report. The team confirmed user funds remain safe and is actively investigating the
GateNews1h ago
Hacker tricks AI agents with Morse code! The attacker lures Grok and BankrBot into making transfers, stealing $170k worth of cryptocurrency
An AI agent vulnerability was exposed on the X platform: attackers used a Bankr Club NFT to obtain transfer privileges for a Grok wallet, then used Morse code instructions to prompt BankrBot to transfer out roughly 300 million DRB without human approval, worth about $175k. The issue stems from BankrBot’s architecture not treating AI output as authorization. The funds have been recovered, and defenses will be strengthened, including API key controls and IP whitelisting.
ChainNewsAbmedia2h ago
Aave Seeks to Lift $73M ETH Freeze From Kelp DAO Exploit
Aave LLC filed an emergency motion in federal court on May 1 seeking to lift a court-ordered freeze on roughly $73 million in ether recovered from the April 18 Kelp DAO exploit, arguing that temporary possession of stolen assets does not equate to ownership. The motion challenges restrictions preven
CryptoFrontier4h ago
