The new Chinese owner of the popular Polyfill JS CDN domain, used for JavaScript file delivery, appears to have injected malware into more than 100 thousand sites
CVE-2024-38526: the supply chain attack, why?
Malicious code was injected when the polyfill domain was transferred. In the hacker community this is called a supply chain attack, but the perpetrators are not hackers but crackers.
Explanations of the conspiracy
The polyfill code is dynamically generated based on HTTP headers, allowing for multiple attack vectors.
Recently, while the polyfill domain was being moved, malicious code was injected that, only on mobile phones, redirected visitors to sports betting pages. https://web.archive.org/web/20240229113710/https:/github.com/polyfillpolyfill/polyfill-service/issues/2834#issuecomment-1963842875
The code has specific protection against reverse engineering and is only activated on specific mobile devices at specific times. It does not activate when it detects an administrator user, and it delays execution when a web analytics service is found, presumably so as not to appear in the statistics.
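As an added example (not code from the original post), here is a small Python audit a site owner could run over their own HTML to find the kind of dependency described above: it flags any script loaded from the polyfill CDN domain and any other third-party script served without Subresource Integrity. The flagged host list, the site's own hostname and the sample page are constructed assumptions for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the defender maintains this host list from advisories. Scripts from
# these hosts were generated per request (based on headers such as User-Agent), so
# a Subresource Integrity hash cannot pin their content; the fix is removal.
FLAGGED_HOSTS = {"polyfill.io"}


class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []  # attribute dicts of every <script> with a src

    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.scripts.append(dict(attrs))


def is_flagged(host):
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)


def audit_html(html, own_host):
    """Return (src, finding) pairs for external scripts that need attention."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attributes in collector.scripts:
        src = attributes["src"]
        host = urlparse(src).hostname  # None for relative, first-party paths
        if host is None or host == own_host:
            continue
        if is_flagged(host):
            findings.append((src, "remove: flagged CDN host; per-request content, SRI cannot pin it"))
        elif "integrity" not in attributes:
            findings.append((src, "third-party script without Subresource Integrity"))
    return findings


# Constructed sample page for the demonstration (not a real site).
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//static-cdn.test/lib.js"></script>
<script src="https://static-cdn.test/lib2.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head></html>"""

if __name__ == "__main__":
    for src, finding in audit_html(SAMPLE_HTML, "www.example.test"):
        print(f"{finding}: {src}")
```

The script with an integrity attribute is not reported, while the polyfill reference is reported for removal regardless of any hash, because content that changes with the request headers cannot be pinned.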
Where is the trap?
Umm, that's weird: the original author of Polyfill recommends not using Polyfill at all, since it is no longer necessary for modern browsers anyway.
This happens right when the domain is migrated, a domain the original author no longer cared for or maintained.
Companies, especially Chinese ones, need the most modern techniques to always be used, so that older browsers are not used and therefore old equipment is never used.
Ummm, suspicious... it smells to me like discrediting something to gain ground!