Supply Chain | May 20, 2026

Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit

Compromised npm package art-template led to an iOS browser exploit kit deployment targeting iOS 11.0-17.2.

Summary

The art-template npm package was compromised, leading to the deployment of an iOS browser exploit kit similar to Coruna. The attack targeted a range of iOS devices through a watering-hole attack, exploiting vulnerabilities in Safari on iOS 11.0 through iOS 17.2 and showing links to UNC6691.

Indicators of Compromise

Entities

  • art-template (product)
  • Safari (product)
  • iOS (product)
  • UNC6691 (threat_actor)
  • Coruna (campaign)