Currently active on more than 100,000 websites, the web service Polyfill.io recently fell victim to an attack that compromised it, exposing websites to possible injection of malicious code.
Public administrations using the Polyfill.io service on their sites are urged to remove it as soon as possible. This is what CERT-AgID suggests with regard to the supply chain attack that hit the Polyfill.io web service, which is widely used on more than 100,000 websites.
What is a polyfill?
A polyfill is a piece of code, commonly JavaScript, that adds modern functionality to older browsers that do not natively support it. In the latest findings, the domain associated with the service, cdn.polyfill.io, was found to have been compromised, enabling the injection of malicious code that redirected users to fraudulent sites and captured sensitive user data.
What to do
Namecheap, the registrar responsible for the malicious domain, has already taken action by suspending and reclaiming the compromised domain.
In addition to removing the service, it is essential to ensure that websites which referenced the original Polyfill domain also have their dependencies updated: Polyfill.io's services are no longer provided, so any site that still relies on them may malfunction.
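A quick audit site operators can run before removing the service, added here as an example and not part of the CERT-AgID advisory: it parses a page's HTML and lists every script or stylesheet reference whose host is polyfill.io or a subdomain such as cdn.polyfill.io, handling protocol-relative URLs and ignoring look-alike hosts. The function names and the sample HTML are constructed for this example.

```python
"""Audit HTML for external references to the compromised Polyfill.io CDN."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts to flag: the apex domain and any subdomain of it (e.g. cdn.polyfill.io).
FLAGGED_DOMAIN = "polyfill.io"


def is_flagged_url(url: str) -> bool:
    """True if the URL's host is polyfill.io or a subdomain of it."""
    url = url.strip()
    if url.startswith("//"):          # protocol-relative reference, e.g. //cdn.polyfill.io/...
        url = "https:" + url
    host = (urlsplit(url).hostname or "").lower()
    # Match on the host only: a path containing "polyfill.io" or a look-alike
    # host such as polyfill.io.example.com must not be reported.
    return host == FLAGGED_DOMAIN or host.endswith("." + FLAGGED_DOMAIN)


class PolyfillAuditor(HTMLParser):
    """Collect <script src=...> and <link href=...> tags pointing at polyfill.io."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = None
        if tag == "script":
            url = attrs.get("src")
        elif tag == "link":
            url = attrs.get("href")
        if url and is_flagged_url(url):
            line, _ = self.getpos()   # line number of the offending tag
            self.findings.append({"line": line, "tag": tag, "url": url})


def find_polyfill_references(html: str) -> list:
    """Return every external resource reference to polyfill.io found in the HTML."""
    auditor = PolyfillAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page (not a real site): two flagged references, two benign ones.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://cdn.example.com/polyfill.io/app.js"></script>
<link rel="stylesheet" href="https://polyfill.io.example.com/style.css">
</head><body></body></html>"""

if __name__ == "__main__":
    for f in find_polyfill_references(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']}> references {f['url']}")
```

Run it over the rendered HTML of each page (or the templates that produce it); references loaded dynamically from inline scripts are not caught by this check and need a separate review.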
CERT-AgID has already taken action to alert and mitigate the consequences of this attack towards the entities of its constituency and, more generally, towards entities of the public administrations involved, while it is proceeding to remove the plugin from its exposed sites as well. For more information, please consult the in-depth study published on CERT-AgID’s website.