Popular art-template npm Package Compromised In Watering-Hole Campaign

Socket’s Threat Research details a supply-chain compromise of the npm package art-template used as a watering-hole to deliver a Coruna-style Safari/WebKit exploit framework against iOS 11.0–17.2: the malicious lib/template-web.js performs sophisticated anti-bot checks, fingerprinting, WASM-based memory probing and JIT-targeted payload fetching from remote modules, beaconing victims to a C2 and selectively loading version-specific exploit payloads; compromised package versions and loader URLs are provided as IOCs.