Is Tuaw a scam in the making?

Friday, August 2nd, 2024

Carlo D'Agnolo

Marketing & Growth

When we saw the new Fireship video yesterday, we were immediately reminded of the recent Polyfill attack. Our first article was picked up and referenced by most cybersecurity news outlets, and a week later we published our full post-mortem.

When Fireship then reported on Tuaw, “The Unofficial Apple Weblog” that a ton of people read back in the day, we thought it right to report on it as well.

A quick recap before we get into the troubling stuff:

Tuaw[.]com was acquired by AOL, but a few years later in 2015 it was shut down.

Then, just a few weeks ago, the website was put back online. Most of the old articles were run through an AI rewriter and republished, first under the old author names, then with a bunch of them renamed, as we’ll see later on.

New articles have also been added. A closer look reveals that these are likely low-level, automated AI output as well.

A Hong Kong based company named “WebOrange” squatted the domain and now owns this website.

The Fireship report ends there, but here’s why we think this might be trouble in the making.

Be careful of Tuaw[.]com

In the recent Polyfill attack, we saw a case where a bunch of websites still referenced the domain Polyfill[.]io and others in their code. When the domain was then acquired, it was used to insert malicious code that redirected users to scammy websites.

Tuaw[.]com is less immediately dangerous than Polyfill[.]io. To our knowledge, it never served scripts used by other websites. But since it was once a very popular news outlet, a lot of sites still link to its old articles.

One example we found is a link on the MacRumors forums.

That link, “tuaw[.]com/2011/03/24/wooden-ipad-2-cover-outsmarts-apples-smart-cover/”, redirects to “tuaw[.]com/ipad/accessories/”.

This could be suspicious, and is potentially a scam in the making.

LabelCantine dug a bit deeper a few weeks ago, and found that Tuaw changed the names of the old reporters after threatening legal action.

We can also see that the last uploaded articles were all published within minutes of each other.

And, while this is not foolproof, the image used for Paul Terpstra is likely AI-generated.

The domain still holds a lot of SEO potential and will easily start ranking high fast, meaning all this could just be an SEO play meant to generate traffic. Monetization through ads or redirects is an ending we’ve seen before.

The importance of client-side security

Pure client-side risks are low with Tuaw[.]com. Nevertheless, it’s important to keep an eye on this domain. According to LabelCantine (linked above), these other domains owned by the same company followed similar techniques:

  • iLounge[.]com

  • Soup[.]io

If your site references any of them, we’d recommend reviewing and removing those references.
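
One way to carry out that review, as an added example that is not c/side's code: a Python scanner that parses HTML and reports every URL pointing at the domains named in this article, listing tags that load content (the Polyfill-style exposure) ahead of plain links. The sample markup, including the soup[.]io script URL, is constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in this article (defanged in the prose).
WATCHLIST = {"tuaw.com", "ilounge.com", "soup.io"}
# Tags whose URL the browser fetches on page load, as opposed to a plain link.
ACTIVE_TAGS = {"script", "iframe", "link", "img", "embed", "object"}
URL_ATTRS = {"href", "src", "data", "action"}

def watched_domain(url):
    try:
        host = urlsplit(url.strip()).hostname or ""  # also parses //host/path
    except ValueError:
        return None
    host = host.rstrip(".").lower()
    for domain in WATCHLIST:
        # Exact host or a subdomain only; "nottuaw.com" must not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

class ReferenceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            domain = watched_domain(value) if name in URL_ATTRS and value else None
            if domain:
                kind = "loads-content" if tag in ACTIVE_TAGS else "link"
                self.findings.append((self.getpos()[0], kind, tag, domain, value))

def scan_html(html):
    """Return (line, kind, tag, domain, url) tuples, loaded content first."""
    finder = ReferenceFinder()
    finder.feed(html)
    finder.close()
    return sorted(finder.findings, key=lambda f: (f[1] != "loads-content", f[0]))

# Constructed sample markup; the soup.io script URL is made up for illustration.
SAMPLE = (
    '<a href="https://www.tuaw.com/ipad/accessories/">old article</a>\n'
    '<a href="https://nottuaw.com/page">unrelated</a>\n'
    '<script src="//cdn.soup.io/widget.js"></script>\n'
)

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

Run it over rendered pages or templates in CI; a "loads-content" finding means a third party's server decides what your visitors' browsers fetch, while a "link" finding only sends them there on click.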

To keep your site safe from client-side JavaScript attacks, use c/side for free now.

More About Carlo

I'm in charge of marketing & growth at c/side, educating companies and users on the web about the dangers of third-party scripts and the broader client-side security risks.