An iOS exploit kit, originally developed for use by governments, has been discovered in the hands of cybercriminals. As a result, a wide range of attackers, including spies, are using these tools to target iOS users globally. All it takes for a victim to be successfully targeted is visiting a website that contains the injected malicious code.
The Coruna Exploit Kit
Known as Coruna, the kit comprises a combination of 23 exploits and 5 attack chains. Originally developed for use by governments and for surveillance purposes, Google recently discovered that it is being used for other malicious activities. This was also confirmed by the iVerify security firm.
The Coruna exploit affects most iOS versions released from 2019 through 2023. As mentioned, for the exploit to work, the victim needs to visit a website. The fingerprinting module first collected data points to determine the exact device and software version. After that, the website loaded the appropriate WebKit exploit to gain initial remote code execution.
The most common method used to target victims is called a "watering hole attack," where a trusted website is compromised and injected with malicious code. The most frequent targets have been pornography and cryptocurrency websites. Apple reportedly released a patch to fix this exploit in iOS 17.3 in early 2024. However, many devices may remain vulnerable, as not all users regularly update their phones.
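For anyone responsible for more than one device, the fix version above can be checked against a device inventory. The following is an added example, not code from the article or from the Google or iVerify reports; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io
import re

# Fix version as reported in the article above.
PATCHED = (17, 3)

# Constructed sample inventory export (not real devices); column names are assumptions.
SAMPLE_INVENTORY = """device_id,os_version
phone-01,17.3
phone-02,17.2.1
phone-03,16.7.5
phone-04,17.10
phone-06,unknown
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def classify(version_text, patched=PATCHED):
    """Classify one iOS version string as 'patched', 'outdated' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual review; never assume it is safe
    # Tuples compare numerically per component, so 17.10 ranks above 17.3.
    # A plain string comparison would wrongly rank "17.10" below "17.3".
    return "patched" if version >= patched else "outdated"


def triage(inventory_csv):
    """Map device_id -> status for every row in the inventory export."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device_id"]: classify(row["os_version"]) for row in rows}


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `outdated` or `unknown` are the ones to follow up on; `outdated` here means only "below the fix version the article names".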
Discovered in the Wild
Google's Threat Intelligence Group uncovered the malware being used in a wide range of cybercriminal campaigns. From Chinese scammers to Russian spies, there have been multiple instances of this exploit being used in ways it was not originally intended. A significant number of fake Chinese finance-related websites have been found to contain the exploit, luring users under false pretenses and delivering the malicious code to them. The report also reveals that a compromised Ukrainian website was found to be using the same JavaScript framework.
The Surveillance Reality
While the situation may sound very alarming, the truth is that simply updating to the latest version of iOS should protect users. While many news agencies focus on how the software made its way into the hands of cybercriminals, we believe the real concern should be about the companies creating these tools in the first place. Over the past decade, we've seen a rise in companies developing technologies that enable governments to compromise civilian technology. This growing trend raises important questions about privacy and surveillance.

