Deployment of the Coruna exploit kit (23 exploits across 5 chains)
Use of fake Chinese finance and cryptocurrency-themed websites
Hidden frames for silent exploit delivery
Device fingerprinting to match exploit chains to specific iOS versions
WebKit remote code execution (e.g., CVE-2024-23222)
Kernel privilege escalation (e.g., CVE-2023-41974)
Deployment of PLASMAGRID stager
Injection into the iOS powerd daemon running as root