Today > | 7 High | 10 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

Polyfill supply chain attack hits 100K+ sites

June 27, 2024, 12:56 p.m.

Description

A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into over 100,000 websites that embed the polyfill.io content delivery network. The malware redirects mobile users to a fraudulent sports betting site hosted on a domain impersonating Google Analytics. The attack employs various evasion techniques and targets specific devices and time windows. While trustworthy alternatives are available, it's recommended to remove any references to polyfill.io from your codebase as the library is no longer necessary for modern browsers.

Date

Published: June 27, 2024, 12:32 p.m.

Created: June 27, 2024, 12:32 p.m.

Modified: June 27, 2024, 12:56 p.m.

Indicators

www.ys752.com

www.dxtv1.com

https://www.googie-anaiytics.com/html/checkcachehw.js

https://www.googie-anaiytics.com/ga.js

https://kuurza.com/redirect?from=bitget

kuurza.com

ecomscan.com

Attack Patterns

polyfill.js

T1557.002

T1036.003

T1608

T1564.003

T1027.005

T1189

T1059.007