A sophisticated iPhone hacking toolkit that bears the hallmarks of US government development has escaped into the wild, infecting tens of thousands of devices worldwide. Security researchers have identified what they're calling "Coruna" - a collection of advanced iOS exploits now being wielded by foreign intelligence services and criminal organizations. The leak represents a dangerous proliferation of state-level surveillance technology, turning what was likely designed as a targeted law enforcement tool into a weapon available to America's adversaries.
The cybersecurity world is grappling with what could be one of the most significant leaks of government hacking tools since the Shadow Brokers dumped NSA exploits in 2017. A toolkit dubbed "Coruna" by researchers has surfaced in active attacks against iPhone users worldwide, and the technical sophistication points directly back to US intelligence or law enforcement origins.
The discovery came from multiple threat intelligence teams who noticed an unusual pattern of iPhone compromises starting in late February. According to analysis published by Wired, the infection count has already reached tens of thousands of devices, with victims spanning multiple continents. What makes Coruna particularly alarming isn't just its spread, but its capabilities and likely provenance.
Security researchers who've reverse-engineered portions of the toolkit describe it as a "masterclass in iOS exploitation." The attack chain leverages multiple zero-day vulnerabilities - previously unknown security flaws that even Apple hadn't detected. It can silently compromise an iPhone through methods including malicious iMessage attachments, compromised websites, and even proximity-based attacks that don't require any user interaction.
Once installed, Coruna grants attackers essentially god-mode access to the device. It can exfiltrate messages, photos, location data, and encrypted communications. It can activate the microphone and camera without triggering indicator lights. Most disturbingly, it persists across reboots and iOS updates by exploiting vulnerabilities deep in the iPhone's firmware.
