Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
Reading Time: 3 minutesOne of the biggest digital supply chain attacks of the year was launched by a little-known company that redirected large numbers of internet users to a network of copycat gambling sites, according to security researchers.
Earlier this year, a company called FUNNULL purchased Polyfill.io, a domain hosting an open source JavaScript library that — if embedded in websites — can allow outdated browsers to run features found in newer browsers. Once in control of Polyfill.io, FUNNULL used the domain to essentially carry out a supply chain attack, as cybersecurity firm Sansec reported in June, where FUNNULL took over a legitimate service and abused its access to potentially millions of websites to push malware to their visitors.
At the time of the Polyfill.io takeover, the original Polyfill author warned that he never owned the Polyfill.io domain and suggested websites remove the hosted Polyfill code completely to avoid risks. Also, content delivery network providers Cloudflare and Fastly put out their own mirrors of Polyfill.io to offer a safe trusted alternative for websites that wanted to keep using the Polyfill library.
It’s unclear what the goal of the supply chain attack was exactly, but Willem de Groot, the founder of Sansec, wrote on X at the time that it appeared to be a ‘laughably bad’ attempt at monetization.
Now, security researchers at Silent Push say they mapped out a network of thousands of Chinese gambling sites and linked it to FUNNULL and the Polyfill.io supply chain attack.
Silent Push researchers said in their report that they were able to identify around 40,000 mostly Chinese-language websites hosted by FUNNULL, all with similarly looking and likely automatically generated domains made up of a scattering of seemingly random letters and numbers. These sites appeared to impersonate online gambling and casino brands, including Sands, a casino conglomerate that owns Venetian Macau; the Grand Lisboa in Macau; SunCity Group; as well as the online gambling portals Bet365 and Bwin.
Sands, SunCity Group, Macau Grand Lisboa, and Bet365 did not respond to multiple requests for comment.
‘And those sites are all for moving money, or is their primary purpose,’ said Edwards.
The suspicious network of sites, according to Edwards and his colleagues, is hosted on FUNNULL’s content delivery network, or CDN, whose website claims to be ‘Made in USA’ but lists several office addresses in Canada, Malaysia, the Philippines, Singapore, Switzerland and the United States, which all appear to be places with no listed addresses in the real world.
On its profile on HUIDU, a hub for the gambling industry, FUNNULL says it has ‘more than 30 data centers on the continent,’ likely referring to mainland China, and that it has a ‘high-security automated server room in China.’
On its website, FUNNULL lists an email address that does not exist; a phone number that the company claims to be on WhatsApp, but could not be reached; the same number which on WeChat appears to be owned by a woman in Taiwan with no affiliation to FUNNULL; a Skype account that did not respond to our requests for comment; and a Telegram account that only identifies itself as ‘Sara,’ and has the FUNNULL logo as her avatar.
With access to millions of websites, FUNNULL could have launched much more dangerous attacks, such as installing ransomware, wiper malware, or spyware, against the visitors of the spammy websites. These kinds of supply chain attacks are increasingly possible because the web is now a complex global network of websites that are often built with third party tools, controlled by third parties that, at times, could turn out to be malicious.
This time, the goal was apparently to monetize a network of spammy sites. Next time, it could be much worse.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG