It’s the Coruna-virus pandemic.
Techsperts are cautioning iPhone users against a “mysterious” cyberscam allegedly created by the US government that can hijack your device using multiple weak points.
The “powerful” software kit, dubbed Coruna, uses 23 different vulnerabilities to exploit iPhones and break into the device, Google warned in a PSA.
Devised in part to exploit Apple’s Safari browser, the sophisticated attack can be started five different ways, beginning with a simple click on a malicious link. From there, the tool circumvents the iPhone’s safeguards and ostensibly allows bad actors to yoink text snippets and access sensitive data, such as financial information.
But unlike your typical mom-and-pop malware, this virtual Trojan Horse doesn’t “contain any specific targeting or one-time links,” mobile security firm iVerify found. Rather, any visitor to a website with a vulnerable iOS model could get compromised.
“The framework surrounding the exploit kit is extremely well engineered; the exploit pieces are all connected naturally and combined together using common utility and exploitation frameworks,” Google warned.
The provenance of this instrument of digital destruction is known, but it’s not your average garage band spearphishing virus.
First spotted by Google in February 2025, the state-of-the-art spyware may have begun as a US government tool that was then leaked, iVerify theorized.
Then, like a technological pandemic, the government-grade kit was spread throughout the globe by international cybercriminals.
In July 2025, a Russian espionage ring commandeered Ukrainian websites with the tool, while Chinese hackers allegedly used the it to conduct bogus cybercurrency exchanges that targeted users indiscriminately, PCMag reported.
“Anyone who would have gone to the website with a vulnerable iOS version could get infected,” iVerify reported. “This is not typical for targeted attacks used by nation-states, but rather e-criminal groups. We were able to reinfect our devices multiple times.”
The one upshot is that Coruna can only infect iPhones outfitted with older iOS numbers between 13 and 17.2.1 — the latter of which debuted in 2023.
In accordance, Google urges users “to update their devices to the latest version of iOS” to protect themselves from techsploitation.
In the event that upgrading is not possible, the tech firm advises initiating Lockdown Mode, which Apple rolled out in 2022 to protect iPhone users from spyware.
