virus logo Threat Signal Report

Polyfill.io Supply Chain Attack

What is the attack?

Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds of thousands of sites to ensure that all website visitors can use the same codebase for unsupported functionality. Earlier this year, the polyfill.io domain was purchased, and the script was modified to redirect users to malicious and scam sites.

What is the recommended Mitigation?

Given the confirmed malicious operations, owners of websites using polyfill.io are advised to remove it immediately and search their code repositories for instances of polyfill.io. Users are also advised to consider using alternate services provided by Cloudflare and Fastly.

What FortiGuard Coverage is available?

  • Fortinet's FortiWeb Web Application Firewall (WAF) "URL Rewriting" feature could assist in replacing the Polyfill URLs. Please see Appendix for the link to Fortinet's Community KB site explaining in detail on how to use the feature.

  • FortiGuard Labs has also blocked all the known Indicators of compromise (IoCs) related to the malicious campaign.

Additional Resources

How to use FortiWeb URL Rewriting Feature - Fortinet Community
JavaScript supply chain attack impacts over 100K sites (bleepingcomputer.com)
Automatically replacing links with Cloudflare’s mirror for a safer Internet
New options for users - General - Fastly Community


Released Date Jun 26, 2024
Tags Threat Signal

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
About FortiGuard Threat Signal

Learn More »