March 3, 2026

Spyware on a world tour

Article URL →HN comments →

A US Government iPhone-Hacking Toolkit Is Now in Foreign Spy and Criminal Hands

Internet melts down over ‘US-made’ iPhone hack leak — proof or just rumor

TLDR: Google spotted a rare iPhone-hacking kit, “Coruna,” used by spies and crypto thieves, with some researchers hinting it could have US origins—though nothing is confirmed. Commenters are split between “this is proof of US tools gone wild” and “stop the speculation,” with sarcasm, conspiracy, and headline-policing in full swing.

A rare iPhone hack kit called Coruna is making the rounds like a cursed USB stick from a spy movie, and the internet is losing its mind. Google says this powerful tool can silently hijack an iPhone when you just visit a website, and it’s shown up in Russian spy ops against Ukrainians, then in crypto-stealing schemes on Chinese-language sites. One mobile security firm hints the kit might have started with a US government contractor, citing English-language code and overlap with “Triangulation,” which Russia claimed was the work of the NSA (the US didn’t confirm). It’s all deeply unsettling—and very much not confirmed. Read Google’s write‑up here.

The comments? Pure chaos. Cautious types hammer that the “Possible” in the headline matters, calling out speculation and media hype. Others go full sarcasm, roasting the current administration’s “competence,” while one conspiracy-heavy take claims there’s “a guy at Apple” slipping in secret flaws. A link-dumper tossed an archive link like a mic drop. And when downvotes flew, one user crowed, “lol… proves my point,” turning the thread into a slap-fight. The meme of the day: spyware on a world tour. Whether this is a US-born escapee or not, the community’s split between “sound the alarm” and “show receipts,” with jokes, jabs, and paranoia all turned to 11.

Key Points

  • Google detailed “Coruna,” an iPhone exploit toolkit with five exploit chains leveraging 23 iOS vulnerabilities to install malware via websites.
  • Coruna components were first seen with a surveillance company’s customer, then used by a suspected Russian spy group targeting Ukrainians.
  • The toolkit later appeared in criminal campaigns on Chinese-language crypto and gambling sites to steal cryptocurrency.
  • iVerify suggests Coruna may have been built for or purchased by the US government; code overlaps with the 2023 “Triangulation” operation against Kaspersky.
  • Google warns Coruna has proliferated in the wild and could be adopted or adapted by other hacker groups; how it spread is unclear.

Hottest takes

“How could something as sensitive get out of an administration as competent as the current one?” — mentalgear
“‘Possible’ stripped from the headline on HN” — happyopossum
“it has a guy working at apple who introduces the subtle vulnerability he is instructed to do” — doctorpangloss

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.