Google Warns Spyware Steals Crypto From Older iPhones

By  |  March 4, 2026
 | 
iPhone with older OS

Google Threat Intelligence Group (GTIG) is recommending that users of Apple iPhone models running some older operating systems update their devices to the latest version of iOS or, if that’s not possible, enable Apple’s Lockdown Mode for enhanced security.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    GTIG said in a Tuesday (March 3) blog post that it “strongly urged” these actions after identifying an exploit kit that targets iPhones running iOS 13.0 up to iOS 17.2.1. These operating systems were released in September 2019 and December 2023, respectively.

    The exploit kit, dubbed “Coruna,” is not effective against the latest version of iOS, according to the post.

    Apple did not immediately reply to PYMNTS’ request for comment.

    Coruna has sophisticated capabilities and was likely developed by a surveillance vendor, according to the GTIG blog post. It later proliferated to users such as a suspected Russian espionage group and a financially motivated threat actor in China.

    We’d love to be your preferred source for news.

    Please add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!

    Add as Preferred Source

    “Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities,” GTIG said in the post.

    Advertisement: Scroll to Continue

    Coruna’s capabilities include stealing financial information by analyzing text to look for keywords such as “backup phrase” or “bank account,” per the post. It can also steal cryptocurrency wallets and other sensitive information.

    GTIG said in the post that Google is a participant in the Pall Mall Process, which aims to limit the harms fromthe spyware industry.

    “Together, we are focused on developing international norms and frameworks to limit the misuse of these powerful technologies and protect human rights around the world,” GTIG said.

    The FBI’s Internet Crime Complaint Center (IC3) said in April 2025 that reported cyber and scam-related losses reached a record $16.6 billion in 2024, marking a 33% increase from 2023.

    IC3 received 859,532 complaints in 2024, with an average reported loss of $19,372 per incident. The organization said these figures might not reflect the true scale of losses, as many incidents go unreported.

    In other recent developments around cybersecurity, it was reported that the Iran conflict has raised the cyber risk for businesses, that OpenClaw developed a patch that prevents malicious websites from hijacking artificial intelligence agents, and that Google fixed a security vulnerability in the Gemini feature in its Chrome browser.


    Recommended

    iPhone with older OS

    Google Warns Spyware Steals Crypto From Older iPhones

    Shift4 Adds 140,000 Merchants in Worldline Deal

    What Happens Now That Crypto Has Plugged Into the Fed’s Payments System?

    Kraken First Digital Asset Bank to Gain Fed Payment Rail Access

    See More In: , , , , , ,