Sansec revealed a supply chain attack targeting the Polyfill JS service through various CDNs, impacting a significant number of websites.
Malicious actors controlled multiple domains and used cdn.polyfill.io to distribute injected malware that redirects mobile users to a sports betting site.
The malware adapts to the requesting device, resists reverse engineering, specifically targets mobile devices, and does not activate when an admin user visits or when web analytics are present.
The original creator of Polyfill JS, Andrew Betts, disowned the domain and advised removing polyfills entirely, since they are unnecessary in the current web environment.
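To act on that advice, a site owner first has to find every page that still loads from the affected domain. The following added example (not code from Sansec or the Polyfill project) scans HTML for tags that fetch from polyfill.io or a subdomain; the names `FLAGGED_DOMAINS`, `flagged_host` and `scan_html` and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named on the page; add other domains only after verifying them yourself.
FLAGGED_DOMAINS = {"polyfill.io"}
# Tags whose URL attribute makes the browser contact a third-party host.
URL_ATTRS = {"script": "src", "link": "href", "iframe": "src"}


def flagged_host(url, domains=FLAGGED_DOMAINS):
    """Return the host if it is a flagged domain or a subdomain of one, else None."""
    try:  # urlsplit handles protocol-relative URLs and lowercases the hostname
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, nothing the browser would resolve
        return None
    return host if any(host == d or host.endswith("." + d) for d in domains) else None


class RefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if url and flagged_host(url):
            self.hits.append((self.getpos()[0], tag, url))


def scan_html(text):
    finder = RefFinder()
    finder.feed(text)
    finder.close()
    return finder.hits


# Constructed sample page (not taken from any real site).
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//CDN.Polyfill.IO/v2/polyfill.js"></script>
<link rel="preconnect" href="https://polyfill.io">
<script src="https://cdn.polyfill.io.example.com/p.js"></script>
<script src="/static/vendor/polyfill.min.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

Matching on the parsed hostname rather than a substring keeps self-hosted copies and lookalike hosts such as `cdn.polyfill.io.example.com` out of the results, so every hit is a tag that actually contacts the flagged domain.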