Security researchers at Google have uncovered a sophisticated iPhone hacking toolkit called Coruna that exploits 23 iOS vulnerabilities to silently install malware. The toolkit, which includes five complete hacking techniques, was originally developed by a well-resourced, likely state-sponsored group. Google traces its origins to components used in espionage campaigns targeting Ukrainian websites and cryptocurrency theft operations.

iVerify, which analyzed Coruna's code, suggests it may have begun as a US government tool based on its sophistication and similarities to the Triangulation hacking operation. The toolkit contains modules previously used against Russian cybersecurity firm Kaspersky in 2023, which Russia attributed to the NSA. English-speaking coders wrote the original code, which took millions of dollars to develop.

Despite Apple patching these vulnerabilities in iOS 26, Coruna likely infected tens of thousands of devices before the fixes. iVerify estimates approximately 42,000 phones were compromised in cryptocurrency theft campaigns alone. The toolkit's spread to foreign adversaries and cybercriminals raises serious questions about the security of mobile devices when sophisticated hacking tools created for or sold to American government agencies can leak to unauthorized parties.