Security researchers from Google's Threat Intelligence Group have issued a critical warning about a sophisticated exploit kit dubbed "Coruna" that targets iPhones running older versions of iOS, from 13 to 17.2.1. The kit leverages five exploit chains and 23 vulnerabilities to bypass Apple's security, install spyware, and aggressively scan devices for sensitive cryptocurrency wallet data, including recovery seed phrases and login credentials for apps like MetaMask.
The malware is deployed through compromised websites and fake crypto platforms in 'watering hole' attacks. Once a vulnerable device visits such a site, the exploit can gain system privileges and extract information, potentially allowing attackers to drain wallets of assets like Bitcoin and Ethereum. Security firm iVerify notes that parts of the code resemble tools believed to originate from U.S. government cyber programs, suggesting the toolkit may have leaked and is now used by cybercriminal and nation-state actors. The exploit is ineffective on the latest iOS versions, with Apple's Lockdown Mode and private browsing also providing protection.
In parallel institutional news, banking giant Morgan Stanley is preparing to launch a Bitcoin investment product, tentatively named the Morgan Stanley Bitcoin Trust. According to a filing, the bank will partner with Coinbase for cryptocurrency custody and BNY Mellon for additional asset custody, utilizing offline cold storage to mitigate hacking risks. This move signals deepening institutional demand for regulated crypto access.
Furthermore, Silicon Valley venture capital firm Andreessen Horowitz (a16z) is reportedly raising approximately $2 billion for a new cryptocurrency-focused investment fund, aiming to close in the first half of the year. This follows a recent $650 million fund from VC firm Dragonfly, indicating sustained venture capital confidence despite market conditions.
In regulatory infrastructure developments, crypto firm Zerohash has applied for a National Trust Bank Charter with the U.S. Office of the Comptroller of the Currency (OCC). If approved, this would allow Zerohash to operate as a federally regulated trust bank, expanding its services in digital asset custody and stablecoin management. Separately, stablecoin issuer Tether made a $1.5 billion strategic investment in AI sleep technology company Eight Sleep, continuing its diversification beyond crypto.
