Polyfill supply chain attack hits 100K+ sites
June 27, 2024, 12:56 p.m.
Description
A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into over 100,000 websites that embed the polyfill.io content delivery network. The malware redirects mobile users to a fraudulent sports betting site hosted on a domain impersonating Google Analytics. The attack employs various evasion techniques and targets specific devices and time windows. While trustworthy alternatives are available, it's recommended to remove any references to polyfill.io from your codebase as the library is no longer necessary for modern browsers.
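The recommendation above is to find and remove every reference to polyfill.io. The following added example (not part of this report, and not a tool from the project or vendor it describes) is a small stdlib-only scanner that walks the script, link and iframe tags of an HTML page and flags any whose host is polyfill.io or one of the domains in the indicator list below. The watchlist is built from those indicators (polyfill.io, googie-anaiytics.com, kuurza.com, ys752.com, dxtv1.com); the sample HTML is constructed for the demonstration and is not a capture from an affected site.

```python
"""Flag HTML references to polyfill.io and to the domains listed as indicators.
Added example for this report; the sample page below is constructed, not captured."""
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Hosts taken from this report's indicator list, plus the compromised CDN itself.
# Matching is done on the registrable domain so that www./cdn. subdomains are caught.
WATCHLIST = (
    "polyfill.io",           # the CDN the report recommends removing entirely
    "googie-anaiytics.com",  # look-alike of Google Analytics that serves the payload
    "kuurza.com",            # redirect target from the indicator list
    "ys752.com",
    "dxtv1.com",
)

# Constructed sample page: one polyfill.io include, one malicious script, two benign references.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//cdn.jsdelivr.net/npm/jquery@3/dist/jquery.min.js"></script>
<script src="https://www.googie-anaiytics.com/ga.js"></script>
<link rel="stylesheet" href="/static/site.css">
</head><body></body></html>
"""


def _watchlisted_domain(url: str) -> Optional[str]:
    """Return the watchlist entry that the URL's host equals or is a subdomain of, else None.

    urlparse handles absolute and protocol-relative ("//host/path") URLs; a
    site-relative path such as "/static/site.css" has no host and never matches."""
    host = (urlparse(url).hostname or "").lower()
    for domain in WATCHLIST:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


class _RefCollector(HTMLParser):
    """Collect (tag, url) for the src/href attributes of script, link and iframe tags."""

    def __init__(self) -> None:
        super().__init__()
        self.refs: List[Tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "link", "iframe"):
            return
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.refs.append((tag, value.strip()))


def find_risky_references(html: str) -> List[Tuple[str, str, str]]:
    """Return [(tag, url, matched_domain)] for every reference whose host is on the watchlist."""
    collector = _RefCollector()
    collector.feed(html)
    hits = []
    for tag, url in collector.refs:
        matched = _watchlisted_domain(url)
        if matched:
            hits.append((tag, url, matched))
    return hits


if __name__ == "__main__":
    for tag, url, domain in find_risky_references(SAMPLE_HTML):
        print(f"[{domain}] <{tag}> {url}")
```

Run it over saved page sources or templates (for example by feeding each file's contents to `find_risky_references`); any hit on polyfill.io is a reference to delete, and a hit on one of the other domains indicates the page was served the injected payload at capture time, which is worth correlating with web-server and proxy logs.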
Date
Published: June 27, 2024, 12:32 p.m.
Created: June 27, 2024, 12:32 p.m.
Modified: June 27, 2024, 12:56 p.m.
Indicators
www.ys752.com
www.dxtv1.com
https://www.googie-anaiytics.com/html/checkcachehw.js
https://www.googie-anaiytics.com/ga.js
https://kuurza.com/redirect?from=bitget
kuurza.com
ecomscan.com
Attack Patterns
polyfill.js
T1557.002
T1036.003
T1608
T1564.003
T1027.005
T1189
T1059.007