technology
Coruna exploit kit targets outdated iPhones, suspected to reuse US-linked code
A powerful exploit kit called Coruna is infecting outdated iPhones via compromised websites, with researchers saying its code likely traces back to US government tools and is now used by multiple threat actors.
Apr 2nd 2026 · United States
Insights
- Coruna targets iPhones running iOS 13.0 through 17.2.1 and can infect devices that visit certain compromised websites.
- Analysts say the toolkit is highly sophisticated and bears code similarities to tools publicly attributed to the US government.
- The exploit has been reused by different actors, including a suspected Russian espionage group and a financially motivated actor linked to China.
- Infections are not delivered via one-time targeted links, meaning any vulnerable device visiting affected sites could be infected or re-infected.
- Users should update to the latest iOS or enable Lockdown Mode on devices that cannot be updated to reduce risk.
Sources
- This new iPhone hack can steal your data just by visiting a website gulfnews.com
- Apple launches urgent fix for devastating ‘Darksword’ iPhone attack www.independent.co.uk
- Hacking tool with possible US origins targets outdated iPhones www.siliconrepublic.com
- TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign thehackernews.com
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits thehackernews.com
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks thehackernews.com