PANews reported on March 5th that, according to Cointelegraph, Google's Threat Intelligence Group released a report discovering a new iOS exploit kit called "Coruna" that can attack iPhones running iOS versions 13.0 to 17.2.1 to steal mnemonic phrases from encrypted wallets. The kit contains five complete iOS exploit chains and 23 vulnerabilities, some of which have not been previously disclosed.

GTIG first discovered the suite in February 2025 and traced its use to suspected Russian intelligence organizations targeting Ukrainian users. It subsequently appeared on fake Chinese encrypted websites aimed at stealing crypto assets. When users accessed these websites via iOS devices, the suite scanned text containing mnemonic phrases and keywords such as "backup phrases" and "bank accounts," and extracted sensitive information from encrypted applications like Uniswap and MetaMask. GTIG urges iPhone users to update their devices to the latest iOS version or enable "Lock Mode" to protect against attacks. The suite is incompatible with the latest iOS version.