GTIG said in a Tuesday (March 3) blog post that it “strongly urged” these actions after identifying an exploit kit that targets iPhones running iOS 13.0 up to iOS 17.2.1. These operating systems were released in September 2019 and December 2023, respectively.
The exploit kit, dubbed “Coruna,” is not effective against the latest version of iOS, according to the post.
Apple did not immediately reply to PYMNTS’ request for comment.
Coruna has sophisticated capabilities and was likely developed by a surveillance vendor, according to the GTIG blog post. It later proliferated to users such as a suspected Russian espionage group and a financially motivated threat actor in China.
“Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities,” GTIG said in the post.
Coruna’s capabilities include stealing financial information by analyzing text to look for keywords such as “backup phrase” or “bank account,” per the post. It can also steal cryptocurrency wallets and other sensitive information.
GTIG said in the post that Google is a participant in the Pall Mall Process, which aims to limit the harms fromthe spyware industry.
“Together, we are focused on developing international norms and frameworks to limit the misuse of these powerful technologies and protect human rights around the world,” GTIG said.
The FBI’s Internet Crime Complaint Center (IC3) said in April 2025 that reported cyber and scam-related losses reached a record $16.6 billion in 2024, marking a 33% increase from 2023.
IC3 received 859,532 complaints in 2024, with an average reported loss of $19,372 per incident. The organization said these figures might not reflect the true scale of losses, as many incidents go unreported.
In other recent developments around cybersecurity, it was reported that the Iran conflict has raised the cyber risk for businesses, that OpenClaw developed a patch that prevents malicious websites from hijacking artificial intelligence agents, and that Google fixed a security vulnerability in the Gemini feature in its Chrome browser.