Cory Schnurr’s Post


Head of Marketplace Innovation at The Media Trust

Huge right now... over 100k legit websites and advertisers impacted.

The Media Trust

Massive attack underway and you are likely affected.

#PolyFill is a popular open-source JavaScript library used by more than 100K websites to support older browsers via integrating the domain polyfill[.]io. But since PolyFill was acquired by a Chinese company in February, the domain has been injecting malware on mobile devices via any site which has polyfill[.]io. It appears the domain was purchased specifically to spread malware through legit sites and advertising—and it's working. PolyFill is spreading redirects like wildfire—#ecommerce operations are being hard hit.

All websites utilizing the polyfill[.]io domain should remove it immediately. Cloudflare and Fastly have developed patches; Fastly has taken a snapshot of the code before it was sold and is hosting it here (https://polyfill-fastly.io). Use this remote host until you are able to download the polyfill.js file locally, scan it for vulnerabilities and host it on internal systems.

Below—a PolyFill malicious payload example courtesy of Sansec - experts in eCommerce security.

Please reach out to The Media Trust if you need assistance — info@themediatrust.com
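To act on the removal advice above, the first step is finding every place a code base still loads from the domain. The following Python scanner is an added example, not code from the original post, The Media Trust or Sansec; the function names, the file-extension list and the choice to also flag subdomains of polyfill.io are assumptions of this example.

```python
import os
import re

# URL-like reference: optional scheme, "//", host, then the rest up to a quote/space/bracket.
URL_RE = re.compile(r"""((?:https?:)?//([A-Za-z0-9.-]+)[^\s"'<>)]*)""", re.IGNORECASE)
# Assumed set of source file types worth scanning; extend for your stack.
SCAN_EXTENSIONS = {".html", ".htm", ".js", ".mjs", ".ts", ".jsx", ".tsx", ".php", ".vue"}


def is_polyfill_io(host):
    """True for polyfill.io and its subdomains, False for look-alike hosts."""
    host = host.lower().strip(".")
    return host == "polyfill.io" or host.endswith(".polyfill.io")


def scan_text(text):
    """Return (line_number, host, url) for every polyfill.io reference in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url, host = match.group(1), match.group(2)
            if is_polyfill_io(host):
                findings.append((lineno, host.lower(), url))
    return findings


def scan_tree(root):
    """Walk a source tree and map each matching file path to its findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = scan_text(handle.read())
            if hits:
                results[path] = hits
    return results


# Constructed sample page (not taken from any real site).
SAMPLE = """<script src="https://polyfill.io/v3/polyfill.min.js"></script>
<script src="//CDN.polyfill.io/v2/polyfill.min.js?features=fetch"></script>
<script src="https://polyfill-fastly.io/v3/polyfill.min.js"></script>
<script src="https://polyfill.io.example.com/p.js"></script>
<script>var s = 'https://notpolyfill.io/x.js';</script>"""

if __name__ == "__main__":
    for lineno, host, url in scan_text(SAMPLE):
        print(f"line {lineno}: {host} -> {url}")
```

Matching on the parsed host rather than a plain substring keeps the Fastly snapshot host and unrelated look-alike domains out of the results. Run `scan_tree` over templates and build output as well as source, since tag managers and CMS themes often inject the script tag outside the main repository.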
