A domain that more than 100,000 websites use to deliver JavaScript code is now being used as a conduit for a Web supply chain attack that uses dynamically generated payloads, redirects users to pornographic and sports-betting sites, and can potentially lead to data theft, clickjacking, or other attacks.
The malicious activity follows the sale of the domain polyfill[.]io.
The polyfill[.]io domain has been compromised to serve malicious code in scripts to end users in a widespread attack.
The site allows websites to use modern JavaScript features in older browsers by including only the necessary polyfills based on the user's browser.
Polyfill Users Were Forewarned
Polyfill users were already clued in back in February of the potential for malicious activity and were advised to stop using the polyfill[.]io domain after it was purchased by Funnull, a Chinese company.
Following the sale, the developer of the open source Polyfill project, Andrew Betts, urged users in a post on X to remove references to the content delivery network, in part because he never owned the site.
Immediate Action Required
Supply chain attacks that compromise website scripts and other code that's used widely across applications or Web properties are serious business, which means anyone using Polyfill needs to take action now, Wijkmans said.
polyfill[.]io, which should immediately be removed from any site using it.
Threat feeds currently don't flag the domain, so administrators should not rely on that, Wijkmans added.
The Polykill website also advises developers to use a code search tool or integrated development environment to search for instances of the malicious domain in source code across all projects within an organization.
It cites resources by the developer community Fastly Connect that also can help them secure websites that use Polyfill; these include polyfill-fastly[.]io, which are free drop-in replacements for polyfill[.]io.
Fastly's fork of the open source code also can be used to self-host the service to maintain full control over the code delivered to users, according to Fastly.
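The source-code search advised above can be scripted. The following is an added example, not code from the article, Polykill, or Fastly: it reports each file and line that references the domain or one of its subdomains while ignoring look-alike hosts such as the Fastly replacement. The file-type list and the sample files are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Whole-host match for polyfill.io and its subdomains (e.g. cdn.polyfill.io).
# The lookbehind skips look-alikes such as notpolyfill.io; the lookahead skips
# longer hosts such as polyfill.io.example.com.
HOST_RE = re.compile(r"(?<![\w-])((?:[\w-]+\.)*polyfill\.io)(?![\w-]|\.\w)", re.I)
# File types to inspect (an assumption; extend for your own stack).
SUFFIXES = {".html", ".htm", ".js", ".ts", ".jsx", ".tsx", ".php", ".vue", ".json"}

def scan_text(text):
    """Return (line_number, host) for each reference to the domain in text."""
    return [(n, m.group(1).lower())
            for n, line in enumerate(text.splitlines(), 1)
            for m in HOST_RE.finditer(line)]

def scan_tree(root):
    """Walk root and return (relative_path, line_number, host) findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file() or path.suffix.lower() not in SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += [(rel.as_posix(), n, host) for n, host in scan_text(text)]
    return findings

def demo():
    """Scan a constructed sample tree (all file contents are made up)."""
    samples = {
        "index.html": '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>\n',
        "legacy/page.php": "<script src='//POLYFILL.IO/v2/polyfill.js'></script>\n",
        "fixed.html": '<script src="https://polyfill-fastly.io/v3/polyfill.min.js"></script>\n',
        "app.js": "import 'core-js'; // bundled polyfills, no CDN\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print("%s:%d references %s" % finding)
```

Mentions written in defanged form (polyfill[.]io), as in documentation or tickets, are not matched; call scan_tree() on a checkout root to scan real code.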
This Cyber News was published on www.darkreading.com. Publication date: Wed, 26 Jun 2024 19:10:09 +0000