topic Re: 02 Malware Polyfill.io detected on Payments page- in Discussions & Feedback

02 Malware Polyfill.io detected on Payments page-

Kreba — Thu, 01 Aug 2024 15:35:46 GMT

Logged in, to check balance then looked at add balance payments and immediatly my malware detection program found cdn.polyfill.io code trying to inject itself into my browser JS . seems your website has a problem - The JavaScript CDN service Polyfill.io is being used for spreading malicious code redirecting users to third-party websites

Re: 02 Malware Polyfill.io detected on Payments page-

Bambino — Thu, 01 Aug 2024 15:43:54 GMT

@Kreba This is not O2. This is a customer community. I will tag our community manager.

@Kei-M_O2 can you please look into this?

Re: 02 Malware Polyfill.io detected on Payments page-

Kreba — Thu, 01 Aug 2024 16:25:21 GMT

I went the Contact us route to see if I could send an email about the malware detection however the only Help and Support links are about accounts, devices and contracts nothing about the website itself, So I tried with asking a virtual assistant which brought me to a screen where it said start a discussion which brought me here. So I take it that theres no way to report this - other than here?

Re: 02 Malware Polyfill.io detected on Payments page-

Bambino — Thu, 01 Aug 2024 16:54:36 GMT

@Kreba All ways to contact O2 can be found here: How to find help & contact O2: A Guide - O2 Community

I don't know how much good that will do to help you.

Re: 02 Malware Polyfill.io detected on Payments page-

bhaskarsamani — Thu, 01 Aug 2024 16:57:56 GMT

contact o2 on 0344 809 0202

Re: 02 Malware Polyfill.io detected on Payments page-

Kreba — Thu, 01 Aug 2024 17:07:50 GMT

Took some digging, after many redirects and rabbit holes I've found the CyberSecReport@o2.com and posted there, Whether it would help or fix anything, I don't feel safe going to the top up page anymore from news articles from just a few months back shows the Polyfill-io supply chain attacks affecting payment sites I'll just top via voucher instead.

Re: 02 Malware Polyfill.io detected on Payments page-

pgn — Thu, 01 Aug 2024 17:14:07 GMT

A bit of background on this particular threat, for info:

https://blog.redsift.com/news/understanding-the-polyfill-io-domain-attack/

Re: 02 Malware Polyfill.io detected on Payments page-

Kei-M_O2 — Fri, 02 Aug 2024 08:48:24 GMT

Thanks all, I've raised this with one of our security teams to investigate. I'll let you know if we need any further information in the meantime.

Re: 02 Malware Polyfill.io detected on Payments page-

Kei-M_O2 — Fri, 02 Aug 2024 09:48:32 GMT

@Kreba can you give me a link to the page?

Re: 02 Malware Polyfill.io detected on Payments page-

Kreba — Fri, 02 Aug 2024 11:23:35 GMT

@Kei-M_O2 Site URL - myo2payg.o2.co.uk - detection program found a redirect script from cdn.polyfill io - It's the top up page so https://myo2payg.o2.co.uk/webtopup/details?journey=signedIn&disambiguation_id=a926f33b-cf9b-44f0-bf50-6ccdd1255a0d#/

Re: 02 Malware Polyfill.io detected on Payments page-

Kreba — Fri, 02 Aug 2024 11:32:00 GMT

If you goto that page the select the developer tools in your browser then head to network monitor and select refresh, you can see right at the top and midway down the list of links ://cdn.polyfill.io/v2/polyfill.js

Re: 02 Malware Polyfill.io detected on Payments page-

Kei-M_O2 — Mon, 05 Aug 2024 09:12:27 GMT

Thanks - I'll pass on the additional details. Do you have a screenshot of the alert? I think that might be useful as well.

Re: 02 Malware Polyfill.io detected on Payments page-

Kreba — Mon, 05 Aug 2024 21:21:17 GMT

Don't see how this will help more basically saying what I what I posted. It doesn't give more info except to open the web link which I obviously didn't do. It just alerted me so I ended up digging up more info on it via searches and developer network tools.