![Polyfill[.]io Attack Hits Over 380,000 Hosts, Including Major Companies](https://www.cloudways.com/blog/wp-content/uploads/Main-Image_750x394-214.jpg)
The supply chain attack on the widely-used Polyfill[.]io JavaScript library has impacted over 380,000 hosts, according to recent findings from Censys. This attack includes references to malicious domains “https://cdn.polyfill[.]io” or “https://cdn.polyfill[.]com” embedded in HTTP responses as of July 2, 2024.
“Approximately 237,700 of these hosts are located within the Hetzner network (AS24940), primarily in Germany,” Censys reported. Hetzner, being a popular web hosting service, is heavily used by many website developers.
Further investigation revealed that domains tied to prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson were affected, referencing the malicious endpoints.
Cybersecurity The attack was first identified in late June 2024 when Sansec noted that code hosted on the Polyfill domain had been altered to redirect users to adult- and gambling-themed websites. These redirections were time-specific and targeted specific visitors.
The malicious behavior was introduced after the domain and its associated GitHub repository were sold to a Chinese company named Funnull in February 2024. This prompted Namecheap to suspend the domain, and Cloudflare and Google took steps to mitigate the attack by replacing Polyfill links with safe alternatives and blocking ads for sites using the malicious domain. Also, check out Namecheap alternatives if you are looking for a hosting.
Despite attempts to relaunch under a new domain, polyfill[.]com, this too was taken down by Namecheap on June 28, 2024. However, domains like polyfill[.]site and polyfillcache[.]com have since emerged, with the latter still active.
Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies
The supply chain attack targeting widely-used Polyfill[.]io JavaScript library is wider in scope than previously thought, with new findings from Censys showing that over 380,000 https://t.co/9JaTSk79Og
— Ivica Delic (@Free_LanceTools) July 5, 2024
A broader network of potentially related domains, including bootcdn[.]net, bootcss[.]com, staticfile[.]net, and unionadjs[.]com, has been linked to the Polyfill maintainers, suggesting a larger malicious campaign. Notably, bootcss[.]com has been engaging in similar malicious activities since June 2023, affecting 1.6 million public-facing hosts.
The WordPress security firm Patchstack warned of cascading risks from the Polyfill supply chain attack on sites running the CMS through dozens of legitimate plugins that link to the rogue domain.
The scale of this supply chain attack underscores the importance of vigilant monitoring and prompt action to safeguard web infrastructure against malicious exploits.
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
