July 4th, 2024

384k sites pull code from sketchy code library recently bought by Chinese firm

More than 384,000 websites were found still linking to a JavaScript library that became the vector of a supply-chain attack after its domain was bought by a Chinese firm. The altered code redirected visitors to adult and gambling sites. Industry responses included domain suspensions and drop-in replacements hosted by other CDNs.


More than 384,000 websites were found linking to a code library that became the vector of a supply-chain attack after its domain was acquired by a Chinese firm. The JavaScript served from polyfill[.]io was altered to redirect users to adult and gambling sites. Industry responses included suspension of the domain, content delivery networks offering replacement links, and Google blocking ads on affected pages. Despite these actions, over 384,000 sites continued to link to the compromised domain, among them mainstream companies such as Hulu, Mercedes-Benz, and Warner Bros., as well as government entities. Researchers also discovered other domains associated with the same Chinese firm engaging in potentially malicious activity. The incident illustrates the core risk of a supply-chain attack: a single shared source can push malicious code to every site that embeds it, and from there to every visitor. The situation was contained by the domain suspension, but concerns remain that the redirects could resume if the restrictions on the domain are lifted. Efforts to reach the Chinese firm for comment were unsuccessful.

Related

Polyfill supply chain attack hits 100K+ sites

A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.

If you're using Polyfill.io code on your site – remove it immediately

A Chinese organization acquired polyfill.io, after which malware was served to 100,000+ websites that embedded its script. Security warnings urge site owners to remove its JavaScript. Google is blocking ads on affected sites. CDN-hosted mirrors aim to reduce the risk for sites that still need the polyfills.

Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack

Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.

Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack

A supply chain attack on Polyfill.io affected 100,000+ websites, redirecting mobile users to a betting site. Rewriting script links away from the domain and enforcing Subresource Integrity (SRI) checks on third-party scripts are advised to mitigate this class of risk in web development.

Many website admins have yet to get memo to remove Polyfill.io links

More than 384,000 websites still linked to a code library involved in a supply-chain attack by a Chinese firm. Industry responses included domain suspensions and ad blocking. Over 1.6 million sites linked to other potentially malicious domains tied to the same firm. The incident highlights the risks of supply-chain attacks.
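The measures named in the summaries above (rewriting script links away from polyfill.io and adding integrity checks to third-party scripts) amount to an audit any site owner can script. The following is an added example and not code from any of the linked articles: it parses a page's HTML with Python's standard library, flags <script> tags whose host is polyfill.io or a subdomain of it, and reports third-party scripts that lack a Subresource Integrity attribute or carry one without the crossorigin attribute that cross-origin SRI requires. The sample HTML, the hostnames cdn.example.net and www.example.com, and the function names are constructed for this example. One caveat worth knowing: SRI could never have pinned a polyfill.io tag, because the service tailored its output to each browser's User-Agent, so no fixed hash could match; removing or re-pointing the tag is the only fix.

```python
"""Audit a page's <script> tags for polyfill.io references and missing SRI.

Added example: stand-alone Python, standard library only. The sample HTML,
the hostnames and the function names are constructed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain at the centre of the supply-chain attack; subdomains such as
# cdn.polyfill.io are matched as well.
FLAGGED_DOMAIN = "polyfill.io"


def is_flagged_host(host):
    """True for polyfill.io itself and any subdomain of it."""
    host = host.lower().rstrip(".")
    return host == FLAGGED_DOMAIN or host.endswith("." + FLAGGED_DOMAIN)


class ScriptTagCollector(HTMLParser):
    """Collect the attribute dict of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":  # HTMLParser lowercases tag names
            return
        attributes = {name.lower(): (value or "") for name, value in attrs}
        if "src" in attributes:
            self.scripts.append(attributes)


def audit_scripts(html, site_host):
    """Return one finding per third-party script tag in `html`.

    A finding is {"src", "host", "polyfill", "problems"}; an empty
    "problems" list means the tag is pinned with SRI and CORS correctly.
    """
    collector = ScriptTagCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = attrs["src"].strip()
        # Protocol-relative "//host/path" URLs point at an external host too.
        parts = urlsplit("https:" + src if src.startswith("//") else src)
        host = (parts.hostname or "").lower()
        if not host or host == site_host.lower():
            continue  # relative or same-origin script: not a third-party dependency
        polyfill = is_flagged_host(host)
        problems = []
        if polyfill:
            problems.append("loads from polyfill.io: remove the tag or point it at a trusted mirror")
        if "integrity" not in attrs:
            problems.append("no integrity attribute, so a tampered file would load unchecked")
        elif "crossorigin" not in attrs:
            # SRI on a cross-origin script needs CORS; without it the browser
            # cannot verify the hash and refuses to execute the script.
            problems.append("integrity set without crossorigin; the browser will block this script")
        findings.append({"src": src, "host": host, "polyfill": polyfill, "problems": problems})
    return findings


def summarize(findings):
    """Human-readable report lines, one per third-party script."""
    lines = []
    for f in findings:
        status = "OK" if not f["problems"] else "; ".join(f["problems"])
        lines.append(f"{f['host']:<20} {f['src']}\n    {status}")
    return lines


# Constructed sample page: two polyfill.io tags, one correctly pinned CDN
# script, one with integrity but no crossorigin, and one same-origin script.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-AbCdEf0123" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/other.js" integrity="sha384-AbCdEf0123"></script>
<script src="/static/app.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for line in summarize(audit_scripts(SAMPLE_HTML, "www.example.com")):
        print(line)
```

Run against a crawl of your own pages rather than a single HTML file: the tags that matter most are the ones buried in shared templates and tag-manager snippets, which is where many of the 384,000 stragglers are likely to be.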

1 comment
By @gnabgib - 5 months
Related: Polyfill supply chain attack hits 100K+ sites (886 points, 9 days ago, 370 comments) https://news.ycombinator.com/item?id=40791829