Summary

Acunetix 360 identified the usage of Polyfill in the target web server’s HTTP response.
Polyfill.io, a widely used JavaScript library, was compromised following its acquisition by Funnull, a China-based CDN company. Malicious code was injected into the library, redirecting users to harmful websites.

Impact

Affected Users: Over 110,000 websites
Nature of Malicious Activity:
  • Redirecting users to sports betting and pornographic sites.
  • Specific activation on certain mobile devices at particular times.
  • Delayed execution to evade web analytics detection.
  • Avoidance of activation when an admin user is detected.

Remediation

Immediate Action: Remove Polyfill.io from affected websites and replace it with secure alternatives provided by Cloudflare and Fastly.
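
As an added example (not part of the Acunetix advisory), the following JavaScript locates polyfill.io references in page source and rewrites the URL-form ones to a replacement host. The function names, the constructed sample HTML and the Cloudflare base URL `https://cdnjs.cloudflare.com/polyfill` are assumptions; confirm the replacement host with the provider before use.

```javascript
// Added example: find and rewrite polyfill.io references in page source.
// Matches polyfill.io and its subdomains as full URLs, protocol-relative
// URLs, or bare hosts (e.g. inside a CSP allowlist). Look-alike hosts such
// as polyfill-fastly.io or polyfill.io.example.com are not matched.
const POLYFILL_REF =
  /(?:(?:https?:)?\/\/)?(?<![a-z0-9.-])((?:[a-z0-9-]+\.)*polyfill\.io)(?![a-z0-9-]|\.[a-z0-9])((?:[\/?#][^\s"'<>);]*)?)/gi;

// Assumption: base URL of the Cloudflare-hosted mirror; confirm it against
// the provider's current documentation before deploying.
const REPLACEMENT_BASE = "https://cdnjs.cloudflare.com/polyfill";

// Returns one finding per reference: 1-based line, host, matched text.
function findPolyfillReferences(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, idx) => {
    for (const m of lineText.matchAll(POLYFILL_REF)) {
      findings.push({ line: idx + 1, host: m[1].toLowerCase(), match: m[0] });
    }
  });
  return findings;
}

// Rewrites URL-form references to the replacement base, keeping path and
// query. Bare hosts (CSP entries) are left in place for manual removal.
function rewritePolyfillReferences(text, base = REPLACEMENT_BASE) {
  return text.replace(POLYFILL_REF, (whole, host, tail) =>
    /^(?:https?:)?\/\//i.test(whole) ? base + tail : whole
  );
}

// Constructed sample page, not taken from a real site.
const SAMPLE_HTML = [
  `<meta http-equiv="Content-Security-Policy" content="script-src 'self' cdn.polyfill.io">`,
  `<link rel="preconnect" href="//polyfill.io">`,
  `<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=fetch,es6"></script>`,
  `<script src="https://polyfill-fastly.io/v3/polyfill.min.js"></script>`,
  `<script src="https://polyfill.io.example.com/x.js"></script>`,
].join("\n");

console.log(findPolyfillReferences(SAMPLE_HTML));
console.log(rewritePolyfillReferences(SAMPLE_HTML));
```

Any finding that remains after the rewrite, such as the CSP allowlist entry in the sample, still needs to be removed by hand.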

Severity

High