polyfill.io CDN distributing malware

The popular CDN (Content Delivery Network) polyfill.io is normally used by website developers to deliver JavaScript code to users who use older browsers (a polyfill implements, in JavaScript, functionality that is missing in older browsers).

Unfortunately it is now being used to deliver malware.

So the recommendations would be:

  • Block traffic to cdn.polyfill.io and polyfill.io on your firewall and EDR systems

  • Check the logs of your firewall and EDR systems for the IOCs (Indicators of Compromise), see screenshot below. If they appear in your logs, then probably one of your users surfed to a website that loaded the malware, which then caused traffic to these domains. Scan those devices with a malware scanner (depending on which one you use, the malware might not yet be detected), or if you want to be sure, reinstall the OS on them

  • Check whether your own website includes calls to cdn.polyfill.io, and switch to the Cloudflare version of polyfill and/or evaluate whether you still need polyfill at all.
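To support the last recommendation, here is an added example (not from the original post) that scans an HTML page for script, link or iframe references to polyfill.io or any of its subdomains, including protocol-relative `//` URLs. The sample HTML is constructed for the example; the Cloudflare mirror URL in it is an assumption and is only there to show that it is not flagged.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the advisory; any subdomain of polyfill.io is matched as well.
BLOCKED_DOMAIN = "polyfill.io"


def is_blocked_host(url):
    """True if an absolute or protocol-relative URL points at polyfill.io."""
    host = (urlsplit(url.strip()).hostname or "").lower()
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)


class ExternalResourceFinder(HTMLParser):
    """Collects (tag, url, line) for every external resource on a blocked host."""

    URL_ATTR = {"script": "src", "link": "href", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTR.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value and is_blocked_host(value):
                self.findings.append((tag, value, self.getpos()[0]))


def find_polyfill_references(html):
    parser = ExternalResourceFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: two offending includes, one Cloudflare mirror
# (URL assumed), one look-alike domain and one local script.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js"></script>
<script src="https://notpolyfill.io/app.js"></script>
<script src="/static/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for tag, url, line in find_polyfill_references(SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url}")
```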