Google Threat Analysis Group (TAG) said on Mar. 3 that it had found the Coruna hacking tool, which can hack older versions of iOS, the iPhone's operating system, and detected indications that the tool had fallen into the hands of cybercriminals.
Google found that a Russian spy group used Coruna when attacking Ukraine last year, and that a Chinese hacker used Coruna to gain financial profit. The path by which Coruna, originally created for inter-state espionage, was leaked has not been confirmed, but Google security researchers raised the possibility that a black market for such hacking tools has formed for transaction.
Google explained that Coruna bypasses the iPhone's defenses by using a watering hole attack method (hacking frequently visited sites to plant malware in advance). The models that can be hacked by this method are those running iOS, from iOS 13 to iOS 17.2.1 released in Dec. 2023. If the latest security updates are neglected, the risk of becoming a target of crime increases.
Google TAG said, "iPhone users should immediately update their devices to the latest iOS, and if updating is not possible, it is advisable to temporarily enable Lockdown Mode to enhance security."