Polyfill.io Attack Infects Over 110,000 Websites


  • Security researchers have warned that the domain Polyfill.io has been compromised and is spreading malware through a widespread supply chain attack.
  • The malicious code generates its payloads based on HTTP headers to cover its tracks.

The cdn[.]polyfill[.]io and bootcss[.]com domains are compromised, infecting more than 110,000 websites with malicious code, and security firms are sounding the alarm. Websites that use the JavaScript code from Polyfill have been urged to remove it immediately. The change occurred after a suspected Chinese firm purchased the domain in early 2024.

The site offered widely used snippets of code that let older browsers use modern JavaScript features. Such code makes web developers' work easier and allows compatibility with a broader range of browsers. However, because the malicious code was inserted into these JavaScript snippets, anyone visiting an infected website could end up running the malware in their browser.
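For site owners acting on the advice to remove the code, the following added example (not from the article or from any vendor) audits HTML for `<script>` and `<link>` tags that load from the two domains named above. The function and class names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the article (written there in defanged form).
FLAGGED_DOMAINS = ("polyfill.io", "bootcss.com")
URL_ATTR = {"script": "src", "link": "href"}

def flagged_host(url):
    """Return the host if url points at a flagged domain or one of its subdomains."""
    # urlsplit also handles protocol-relative URLs such as "//cdn.polyfill.io/x.js".
    host = (urlsplit(url.strip()).hostname or "").rstrip(".").lower()
    for domain in FLAGGED_DOMAINS:
        # Match on the host only, so a path or look-alike name is not flagged.
        if host == domain or host.endswith("." + domain):
            return host
    return None

class ThirdPartyScriptAudit(HTMLParser):
    """Collects (line, tag, url, has_integrity_attr) for each flagged reference."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTR.get(tag, ""))
        if url and flagged_host(url):
            line, _ = self.getpos()
            self.findings.append((line, tag, url, "integrity" in attrs))

def audit_html(html):
    parser = ThirdPartyScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
<script src="https://example.com/polyfill.io/app.js"></script>
<script src="https://notpolyfill.io/x.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url, has_sri in audit_html(SAMPLE):
        print(f"line {line}: <{tag}> loads {url} (integrity attribute: {has_sri})")
```

Only the first two tags in the sample are reported; the last two mention the name in a path or in a look-alike host and are correctly ignored.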

Eyal Paz, VP of Research at OX Security, spoke about the implications of the attack: “The recent Polyfill supply chain attack highlights a critical issue with current-day web development: the trust placed in third-party…
