Table of Contents
Are iPhones Safe From the Secretive Coruna iOS Exploit Kit Found by Google?
What Is the Coruna Exploit Kit?
The Google Threat Intelligence Group recently found a powerful new set of hacking tools called Coruna. The creators of these tools built them to attack Apple iOS devices. This toolkit holds 23 different ways to hack into phones, along with five complete step-by-step attack methods. The attackers built this tool using very advanced and sometimes private hacking methods to get past phone security walls.
Google security researchers shared their findings on February 3, 2026. Their blog post explains how the Coruna Exploit Kit shows the high-level skills of the people who made it. They combined many complex techniques to bypass the security measures built into modern phones.
Who Does Coruna Target?
This hacking toolkit goes after a wide range of Apple iPhone models. It can attack iPhones running iOS versions from 13.0 (which came out in September 2019) all the way up to 17.2.1 (which came out in December 2023).
Google researchers first saw this toolkit being used in 2025. At first, the attackers aimed it very carefully at specific targets. They used it against a client of a surveillance company. The hacking tools were hidden inside a type of computer code called JavaScript. The attackers used a simple but unique way to scramble the code so it was hard for security experts to read.
How Has the Exploit Kit Spread?
Over time, different groups started using the Coruna toolkit for their own goals:
- Espionage Attacks: Researchers saw the toolkit used in attacks against users in Ukraine. These attacks were set up like a trap on websites the targets were known to visit. Experts believe a suspected Russian spy group named UNC6353 carried out these attacks.
- Financial Attacks: Later, a Chinese group named UNC6691 used the toolkit in large campaigns to make money. This is when Google researchers were able to capture the complete toolkit.
A Growing Threat
Google researchers are not sure how this toolkit spread from the first group to the others. They think there might be an active market where hackers buy and sell “used” hacking tools.
Because of this toolkit, several different hacking groups now have access to advanced techniques. They can reuse these techniques and change them to work with new security holes they find in the future.