Over 100,000 Websites Affected by Polyfill Supply Chain Attack


Supply Chain Attack Hits Over 100,000 Websites – Malicious Polyfill Injection and Impact

A Massive Supply Chain Attack Hits Over 100,000 Websites, Including Major Platforms

A widespread supply chain attack has targeted more than 100,000 websites, causing chaos for notable platforms like JSTOR, Intuit, and the World Economic Forum. The attack originated from a fake domain posing as the popular open-source library Polyfill.js, which provides support for older browsers.

The Chinese company Funnull acquired the domain and GitHub account associated with the Polyfill.js project in February, allowing them to insert malware into sites that utilize cdn.polyfill.io. The malicious code is specifically designed to redirect mobile users to sports betting or explicit sites using a counterfeit Google Analytics domain.

Security researchers have highlighted the sophisticated nature of the injected malware, which adapts dynamically based on HTTP headers, making it challenging to detect. This Polyfill injection attack exemplifies a supply chain attack targeting a widely used library, showcasing the vulnerability of interconnected digital ecosystems.

The compromised Polyfill code generates malware tailored to specific conditions, such as targeting particular mobile devices and evading detection by site administrators. The attack has far-reaching consequences, prompting Google to block ads for e-commerce sites using polyfill.io and even subjecting researchers to DDoS attacks after they uncovered the campaign.

In response to the incident, the original Polyfill author, Andrew Betts, advised against Polyfill usage and emphasized the critical need for vigilance when integrating external code libraries. Experts have established a domain, polykill.io, to alert website owners of the risks associated with the compromised Polyfill project and recommend switching to secure alternatives like Fastly and Cloudflare.
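One practical way for a site owner to act on that advice is to scan their pages for `<script>` tags loading from polyfill.io (or any subdomain such as cdn.polyfill.io) and rewrite them to a mirror host. The following is an added example, not code from the article or from the Polyfill project; the mirror host is a placeholder to be replaced with whichever alternative the operator adopts, and it assumes the mirror serves the same paths.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

COMPROMISED_DOMAIN = "polyfill.io"  # domain named in the article

def is_compromised_host(src: str) -> bool:
    """True if the URL's host is polyfill.io or a subdomain such as cdn.polyfill.io.
    Relative paths (no host) and lookalikes like polyfill.io.example do not match."""
    host = urlsplit(src.strip()).hostname or ""
    return host == COMPROMISED_DOMAIN or host.endswith("." + COMPROMISED_DOMAIN)

class _ScriptScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src) of each suspect <script> tag

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src and is_compromised_host(src):
            self.findings.append((self.getpos()[0], src))

def find_polyfill_scripts(html: str):
    """Return [(line, src), ...] for every <script src> served from polyfill.io."""
    scanner = _ScriptScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def swap_host(src: str, new_host: str) -> str:
    """Rebuild the URL on new_host, keeping path and query; assumes the mirror serves
    the same paths (assumption). Always emits https, even for '//' sources."""
    parts = urlsplit(src.strip())
    return urlunsplit(("https", new_host, parts.path, parts.query, parts.fragment))

def rewrite_polyfill_scripts(html: str, new_host: str) -> str:
    """Copy of html with each suspect src replaced by the same path on new_host."""
    for _, src in find_polyfill_scripts(html):
        html = html.replace(src, swap_host(src, new_host))
    return html

# Constructed sample page: two polyfill.io loads, one local script, one lookalike.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="/static/app.js"></script>
<script src="https://polyfill.io.example/v3/polyfill.min.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for line, src in find_polyfill_scripts(SAMPLE_HTML):
        print(f"line {line}: script loaded from compromised host: {src}")
    print(rewrite_polyfill_scripts(SAMPLE_HTML, "MIRROR_HOST.example"))  # placeholder host
```

Run it over saved HTML templates or fetched pages; the host check is a suffix match on the parsed hostname, so a lookalike domain that merely contains the string is reported separately rather than being silently accepted.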

This attack serves as a stark reminder of the security risks inherent in relying on third-party scripts and the essential measures needed to safeguard digital infrastructure from malicious takeovers and supply chain vulnerabilities.
