The malware in the JavaScript library Polyfill.io.

There was news of malware in the JavaScript library Polyfill.io.
Polyfill.js is an open source library to support older web browsers, and it seems that municipalities and others running on older PCs may need to deal with it.

Fortunately, Polyfill.io was not used for anything I was involved with.

The malware was apparently introduced because a Chinese company bought the cdn.polyfill.io domain and a GitHub account, and then injected malware into mobile devices via a site that embeds this library. Scary.

I was reminded that I should gather information about IT as appropriate and look at security websites, especially for projects that are delivered privately, as it is difficult to realise that you are using them.

Resource from security company Sansec.

Translated with DeepL.com (free version)

よかったらシェアしてね!
目次