Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack
Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.
Namecheap has taken down the Polyfill.io service due to a supply chain attack. The service, which was sold to a Chinese company, has been serving malware through its CDN to over 110,000 websites. The malware injected by the new owners redirects mobile users to a sports betting site. Notable users affected include Atlassian, Sendgrid, and government websites. Google has issued warnings to impacted landing pages. The original Polyfill.js library, created by FT.com, aimed to ensure compatibility with older browsers. Following the ownership transfer, concerns about the service's compromise were raised, leading to its removal by Namecheap. Alternatives like Cloudflare and Fastly are now available. Users are advised to remove cdn.polyfill.io from their sites, search for instances in their code, or consider self-hosting. This incident underscores the importance of auditing third-party services for trustworthiness and monitoring dependencies regularly to prevent future attacks.
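One way to carry out the "search for instances in their code" step, as an added example that is not part of the original article: a scanner that walks a source tree and reports every URL whose host is polyfill.io or one of its subdomains. The file-extension list, function names and sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Domain to flag: polyfill.io itself and any subdomain (e.g. cdn.polyfill.io).
BLOCKED_DOMAIN = "polyfill.io"
# Matches http://, https:// and protocol-relative // URLs; captures the host part.
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+)", re.IGNORECASE)
# File types worth scanning (assumption; extend for your stack).
EXTENSIONS = {".html", ".htm", ".js", ".ts", ".jsx", ".tsx", ".php", ".vue", ".json"}


def is_blocked(host: str) -> bool:
    # Exact-or-subdomain match, so "notpolyfill.io" is not a false positive.
    host = host.lower().rstrip(".")
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)


def scan_tree(root):
    """Return sorted (relative_path, line_number, host) for each reference found."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for host in URL_HOST.findall(line):
                if is_blocked(host):
                    findings.append((path.relative_to(root).as_posix(), lineno, host.lower().rstrip(".")))
    return sorted(findings)


def build_sample_tree(root):
    """Write constructed sample files (not taken from any real site)."""
    root = Path(root)
    (root / "index.html").write_text(
        '<html>\n<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>\n'
        '<script src="//POLYFILL.IO/v3/polyfill.js"></script>\n</html>\n')
    (root / "app.js").write_text(
        '// self-hosted copy, not flagged\nload("/static/polyfill.min.js");\n'
        'load("https://notpolyfill.io.example.com/x.js");\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, lineno, host in scan_tree(tmp):
            print(f"{rel}:{lineno}: loads from {host}")
```

Point `scan_tree` at a repository or deployed web root to list the lines to fix. It only sees literal URLs, so hosts assembled at runtime or injected by a tag manager or CMS need a separate check of the rendered pages.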
Related
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts, manipulating search results. Users urged to uninstall affected plugins and monitor for unauthorized access.
Malicious Code Injection Found in CDN Polyfill Link Targeting Mobile Users
Polyfill.io selectively polyfills browser features based on User-Agent headers. Tailored polyfills are provided, with official documentation on their website. Contribution guide on GitHub, self-hosting info, and MIT license available.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
If you're using Polyfill.io code on your site – remove it immediately
A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.
Cloudflare automatically fixes Polyfill.io for free sites
Cloudflare replaces polyfill.io links with their mirror under cdnjs to enhance Internet safety, addressing concerns of malicious code injection. Users urged to switch to Cloudflare's mirror for improved security.
There’s got to be significant liability concerns when you’re doing something that could impact hundreds of thousands of sites. It’s kind of a tough spot to be in, isn’t it?
Nobody could have predicted this /s