I Infected my iPhone with 'Coruna' Spyware. Here's What I Found.

Description

Are you a security researcher or reverse engineer?

For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **

*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.

/////////////////////////////////////

Hey guys, today we are analysing a new iOS spyware chain found to be exploited in-the-wild. This is the first time I've ever had the chance to investigate a real-life sample of sophisticated iOS malware.

This spyware - internally known as 'Coruna' - was originally deployed by a suspected "Russian espionage group" (according to Google TAG) but more recently was deployed as part of a large-scale operation designed to steal cryptocurrency, by a "threat actor operating from China".

I decided to infect one of my own iPhones for research purposes. I do NOT recommend doing this on a personal device you own. Everything shown in this video is strictly for educational purposes only.

In this video we look at how the chain executes on a real device, we investigate some of the implant binaries at a high level, and we discuss the indicators of compromise to look out for if you happen to be on a vulnerable version.

Thanks for watching
~ bellis1000

References:
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking
https://github.com/matteyeux/coruna