Over 100,000 Websites Affected by Polyfill Supply Chain Attack

A Massive Supply Chain Attack Hits Over 100,000 Websites, Including Major Platforms

A widespread supply chain attack has targeted more than 100,000 websites, causing chaos for notable platforms like JSTOR, Intuit, and the World Economic Forum. The attack originated from a fake domain posing as the popular open-source library Polyfill.js, which provides support for older browsers.

The Chinese company Funnull acquired the domain and GitHub account associated with the Polyfill.js project in February, allowing them to insert malware into sites that utilize cdn.polyfill.io. The malicious code is specifically designed to redirect mobile users to sports betting or explicit sites using a counterfeit Google Analytics domain.

Security researchers have highlighted the sophisticated nature of the injected malware, which adapts dynamically based on HTTP headers, making it challenging to detect. This Polyfill injection assault exemplifies a supply chain attack targeting a widely used library, showcasing the vulnerability of interconnected digital ecosystems.

The compromised Polyfill code generates malware tailored to specific conditions, such as targeting particular mobile devices and evading detection by administrators. The attack has had far-reaching consequences: Google has blocked ads for e-commerce sites using polyfill.io, and researchers were subjected to DDoS attacks after uncovering the campaign.

In response to the incident, the original Polyfill author, Andrew Betts, advised against Polyfill usage and emphasized the critical need for vigilance when integrating external code libraries. Experts have established a domain, polykill.io, to alert website owners to the risks associated with the compromised Polyfill project and recommend switching to secure alternatives like Fastly and Cloudflare.

This attack serves as a stark reminder of the security risks inherent in relying on third-party scripts and the essential measures needed to safeguard digital infrastructure from malicious takeovers and supply chain vulnerabilities.
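For site owners checking whether their pages still load from the domain named above, here is an added example that is not part of the original article: a Python check that parses a page's HTML and reports `<script>` and `<link>` tags pointing at polyfill.io or any subdomain such as cdn.polyfill.io. The sample HTML is constructed and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named in the article; subdomains such as cdn.polyfill.io are included.
FLAGGED_DOMAIN = "polyfill.io"

def host_is_flagged(url: str) -> bool:
    """True if the URL's host is polyfill.io or one of its subdomains."""
    try:
        # urlsplit handles absolute and protocol-relative ("//host/path") URLs
        # and returns the hostname lowercased.
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return False
    host = host.rstrip(".")
    # Match on a label boundary so "notpolyfill.io" is not a false positive.
    return host == FLAGGED_DOMAIN or host.endswith("." + FLAGGED_DOMAIN)

class PolyfillRefFinder(HTMLParser):
    """Collects <script src> and <link href> references to the flagged domain."""
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = {"script": "src", "link": "href"}.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if url and host_is_flagged(url):
            self.findings.append((self.getpos()[0], tag, url))

def find_polyfill_refs(html: str):
    finder = PolyfillRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not taken from the article or any real site).
SAMPLE_HTML = """<html><head>
<link rel="preconnect" href="https://cdn.polyfill.io">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="//CDN.Polyfill.IO/v2/polyfill.js"></script>
<script src="https://polyfill.io.example.com/p.js"></script>
<script src="https://notpolyfill.io/p.js"></script>
<script src="/static/polyfill.io/local-copy.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_polyfill_refs(SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url}")
```

Only the first three references in the sample are reported; the lookalike hosts and the locally hosted copy are not, because the match is made on the parsed hostname rather than on a substring of the URL.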
