cancel
Showing results for 
Search instead for 
Did you mean: 

02 Malware Polyfill.io detected on Payments page-

Kreba
Level 1: Joiner
  • 6 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Logged in, to check balance then looked at add balance payments and immediatly my malware detection program found cdn.polyfill.io code trying to inject itself into my browser JS . seems your website has a problem - The JavaScript CDN service Polyfill.io is being used for spreading malicious code redirecting users to third-party websites

Message 1 of 13
975 Views
12 REPLIES 12

Bambino
Level 85: Esteemed
  • 24193 Posts
  • 1054 Topics
  • 3793 Solutions
Registered:

@Kreba This is not O2. This is a customer community. I will tag our community manager.

@Kei-M_O2 can you please look into this?

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 2 of 13
759 Views

Kreba
Level 1: Joiner
  • 6 Posts
  • 1 Topics
  • 0 Solutions
Registered:

I went the Contact us route to see if I could send an email about the malware detection however the only Help and Support links are about accounts, devices and contracts nothing about the website itself, So I tried with asking a virtual assistant which brought me to a screen where it said start a discussion which brought me here. So I take it that theres no way to report this - other than here?

Message 3 of 13
739 Views

Bambino
Level 85: Esteemed
  • 24193 Posts
  • 1054 Topics
  • 3793 Solutions
Registered:

@Kreba All ways to contact O2 can be found here: How to find help & contact O2: A Guide - O2 Community

I don't know how much good that will do to help you.

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 4 of 13
725 Views

bhaskarsamani
Level 2: Apprentice
  • 57 Posts
  • 2 Topics
  • 0 Solutions
Registered:

contact o2 on 0344 809 0202 

Message 5 of 13
723 Views

Kreba
Level 1: Joiner
  • 6 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Took some digging, after many redirects and rabbit holes I've found the CyberSecReport@o2.com and posted there, Whether it would help or fix anything, I don't feel safe going to the top up page anymore from news articles from just a few months back shows the Polyfill-io supply chain attacks affecting payment sites I'll just top via voucher instead. 

Message 6 of 13
714 Views

pgn
Level 77: Grand Master
  • 39183 Posts
  • 243 Topics
  • 1778 Solutions
Registered:
Message 7 of 13
708 Views

Kei-M_O2
Community Manager
Community Manager
  • 102 Posts
  • 5 Topics
  • 0 Solutions
Registered:

Thanks all, I've raised this with one of our security teams to investigate. I'll let you know if we need any further information in the meantime.

Message 8 of 13
625 Views

Kei-M_O2
Community Manager
Community Manager
  • 102 Posts
  • 5 Topics
  • 0 Solutions
Registered:

@Kreba can you give me a link to the page?

Message 9 of 13
609 Views

Kreba
Level 1: Joiner
  • 6 Posts
  • 1 Topics
  • 0 Solutions
Registered:

@Kei-M_O2  Site URL - myo2payg.o2.co.uk - detection program found a redirect script from cdn.polyfill io - It's the top up page so https://myo2payg.o2.co.uk/webtopup/details?journey=signedIn&disambiguation_id=a926f33b-cf9b-44f0-bf5...

Message 10 of 13
575 Views