Breaking Into iPhones to Steal Crypto! The "Coruna" Exploit Kit Runs Rampant, and Older iOS Versions Risk Becoming Easy Prey


Author: Max, 加密城市 (Crypto City)

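From state-grade surveillance tool to "asset harvester"

According to an in-depth report published by the Google Threat Intelligence Group (GTIG), an iOS exploit kit codenamed Coruna (also known as CryptoWaters) poses a serious threat to iPhone users worldwide. The tool's development path has been dramatic. **When it was first discovered in February 2025, it was being supplied by a private surveillance vendor to government customers and used for precisely targeted surveillance of political figures and dissidents.** Then, in the summer of 2025, UNC6353, a hacking group linked to the Russian government, took control of the kit and used it in geopolitical espionage against Ukrainian citizens.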

Image source: Google | Coruna discovery timeline

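As the technology spilled over, this professional-grade tool, which cost millions of dollars to develop, has formally entered the cybercrime market. Between late 2025 and early 2026, a Chinese hacking group, UNC6691, obtained the technology and shifted the focus of its attacks to plundering digital assets. This signals that high-end espionage tools have been commoditized, moving from intelligence collection against specific targets to large-scale theft from ordinary cryptocurrency holders. Researchers point out that the hackers' willingness to bear such high technical costs shows that the enormous profits behind crypto assets are enough to drive professional-grade capabilities toward financial crime.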

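A chain reaction of 23 vulnerabilities: silent infiltration hidden behind the "watering hole"

The Coruna kit is highly automated and stealthy. It integrates 23 separate vulnerabilities that form 5 complete attack chains. **Its affected range is broad, covering all iPhone and iPad devices running iOS 13.0 through iOS 17.2.1.** The hackers used stealthy "watering hole attacks", luring victims by compromising or setting up fake cryptocurrency exchange and financial websites. These sites, such as a fake WEEX trading platform, look and function almost identically to the official sites, and even use search engine optimization and paid advertising to increase their exposure.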

Image source: Google | The fake WEEX trading platform

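When an iPhone user visits one of these tainted pages, a background script immediately fingerprints the device. It silently checks the iOS version and, if the version falls within the attack range, automatically triggers zero-click exploitation; the whole process requires no interaction from the user and no clicking of download links. Some fake sites even actively prompt users to browse with an iOS device, claiming it gives a better experience, when the real purpose is to precisely single out vulnerable targets that have not yet updated their systems.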

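Not even screenshots in the photo album are spared

Once Coruna gains privileges on the device, its malware, PlasmaLoader, starts up and takes stock of the user's digital assets. The program has strong scanning capabilities: it actively searches the device for specific keywords such as "backup phrase", "bank account" or "seed phrase", and extracts key data from SMS messages and notes. The kit also has image recognition and can automatically scan screenshots in the user's photo album for QR codes that store wallet mnemonic phrases or private keys.

Beyond collecting static data, Coruna also targets mainstream cryptocurrency wallet apps such as MetaMask and Uniswap. The hackers try to extract sensitive information from these apps to gain full control of the wallet. In a number of known cases, victims' funds were transferred out shortly after they visited a fake site. Because the attack targets low-level system privileges, any digital trace a private key has ever left on the phone is within reach of this espionage-grade tool.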

Image source: Google | Google's list of all apps that may be targeted by the malware

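Defense rules and survival guide? System updates are the key to security

Facing a sophisticated high-end threat, iPhone users should take clear protective measures. **Google's report states that Coruna is completely ineffective against iOS 17.3 or later. Although the system has since moved on to later versions, some users have not updated in time because their devices are old or short on storage, and so remain exposed.** For older models that cannot be upgraded to a safe version, turning on Apple's "Lockdown Mode" is an effective countermeasure: once the malware detects this mode, it stops running to avoid being tracked.

Security experts advise cryptocurrency holders to follow some basic survival rules. The first choice is a hardware wallet (such as Ledger or Trezor), which keeps private keys permanently offline and away from the iOS environment. Next, immediately delete all screenshots in the photo album that contain mnemonic phrases or private keys, and switch to offline, physical backups.

Although Coruna avoids private browsing mode to reduce its chances of being discovered, this can only serve as a stopgap. Now that digital assets keep climbing in value, keeping software updated and staying security-aware has become a basic obligation for every investor.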
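A fleet-triage sketch for the guidance above, added here as an example and not taken from the Google report or the article. The CSV columns and device names are constructed, and the iOS 16 minimum for Lockdown Mode is a fact not stated in the article.

```python
import csv
import io

# Affected range as given in the article: iOS 13.0 through 17.2.1 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (13, 0, 0), (17, 2, 1)
FIRST_SAFE = (17, 3, 0)       # article: ineffective on iOS 17.3 or later
LOCKDOWN_MIN = (16, 0, 0)     # Lockdown Mode first shipped in iOS 16 (not from the article)

# Constructed sample inventory; column names are hypothetical.
SAMPLE_INVENTORY = """device,os_version,max_supported,lockdown
dev-01,17.2.1,18.0,no
dev-02,17.3,18.0,no
dev-03,16.7,16.7,no
dev-04,16.7,16.7,yes
dev-05,15.8,15.8,no
dev-06,unknown,18.0,no
"""

def parse_version(text):
    """Turn '17.2' into (17, 2, 0); raise ValueError on anything unparseable."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad iOS version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(row):
    """Return the action for one inventory row, following the article's guidance."""
    try:
        current = parse_version(row["os_version"])
        ceiling = parse_version(row["max_supported"])
    except ValueError:
        return "review: version unknown"
    if not AFFECTED_MIN <= current <= AFFECTED_MAX:
        return "ok: outside affected range"
    if ceiling >= FIRST_SAFE:
        return "update to 17.3 or later"
    if row["lockdown"].strip().lower() == "yes":
        return "mitigated: Lockdown Mode on"
    if current >= LOCKDOWN_MIN:
        return "enable Lockdown Mode"
    return "no on-device mitigation: keep keys off this device"

def triage_inventory(text):
    """Map each device name in the CSV text to its triage action."""
    return {r["device"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for device, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {action}")
```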
