Resolved Incident Report: Third Party CDN compromised - Oct 31, 2024
CDN showed Crypto Wallet Popup to Planners and Travelers – YouLi systems NOT breached
A third-party service, used for animated icons on the YouLi platform, experienced a malicious attack targeting Crypto account holders. Users who clicked on the popup could have been tricked by a crypto scam into sharing the login details for their crypto account.
This incident led to unexpected “wallet” pop-ups appearing on some YouLi pages (Planners and Travelers) for a short period of time (less than 1 hour) and only when the user clicked on a link or button.
Start Time: 7:12 AM AEST October 31st
End Time: 8:10 AM AEST October 31st
Duration: less than 1 hour
Thankfully this was a quiet time on the platform, so we have not seen a large number of impacted users.
- Affected Systems: This incident impacted YouLi’s platform for a limited time. Other global websites and applications using the same third party were also affected.
- Discovery and Initial Response: The issue was first observed at 7:12 am AEDT, with YouLi staff quickly identifying and disabling compromised files by 8:10 am AEDT to prevent further impact.
- Root Cause: It appears that the latest version of the file YouLi references was compromised, leading to code being loaded that triggered a “crypto wallet” pop-up on affected sites.
- Current Status: This third-party service is now disabled on YouLi. This does not have an impact on core services.
- Extent of Impact: Any YouLi users, including travelers, customers, planners, and affiliates, may have seen the wallet pop-ups before the third-party service was disabled.
- Data and Security Risks: No confirmed breaches or data risks have been identified within YouLi systems. The only potential risk is if a User clicked on the popup and provided the requested Crypto credentials.
3. Resolution and Recommendations
YouLi resolution
YouLi has disabled the impacted service on its platform, effectively removing the issue for YouLi users.
We are constantly reviewing our use of third parties to ensure that we can mitigate the impact of outages or attacks on their systems.
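The root cause above was a reference to the latest version of a third-party file. As an added illustration (not YouLi's code; the hostnames, the package name anim-player and the digest are constructed), this JavaScript check lists the cross-origin script tags on a page that load an unpinned version or lack a Subresource Integrity hash, the two conditions under which a change at the CDN reaches visitors unreviewed.

```javascript
// Added example. Hostnames, the package name "anim-player" and the digest are
// constructed placeholders, not values from the incident.
const SAMPLE_HTML = `
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/npm/anim-player@latest/dist/player.js"></script>
<script src="https://cdn.example.net/npm/anim-player@2.0.3/dist/player.js"></script>
<script src="https://cdn.example.net/npm/anim-player@2.0.3/dist/player.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script>console.log("inline")</script>
`;

// Read one attribute value (double-quoted, single-quoted or unquoted) from a tag.
function attr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i"));
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return the cross-origin <script> tags whose content a third party can change
// without the page author reviewing it.
function auditScripts(html, ownOrigin) {
  const own = new URL(ownOrigin).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    if (src === null) continue;            // inline script, nothing fetched
    const url = new URL(src, ownOrigin);   // resolves relative and // URLs
    if (url.origin === own) continue;      // first-party file
    const issues = [];
    if (!/^sha(256|384|512)-\S+/.test(attr(tag, "integrity") || "")) {
      issues.push("missing-integrity");
    } else if (!/\scrossorigin\b/i.test(tag)) {
      // A cross-origin file fetched without CORS cannot be hash-checked and is blocked.
      issues.push("integrity-without-crossorigin");
    }
    // No exact x.y.z in the path means "latest" or a range: new releases load automatically.
    if (!/\d+\.\d+\.\d+/.test(url.pathname)) issues.push("floating-version");
    if (issues.length) findings.push({ src, issues });
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, "https://app.example.com"));
```

An integrity value only helps when it is computed from a copy of the file that was reviewed, and it has to be regenerated on each deliberate upgrade.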
 
We recommend:
- Clearing browser cookies
- Running antivirus/antimalware scans, especially if you saw the popup or clicked on it.
- If you encounter similar pop-ups on other platforms, avoid clicking on them. Although the issue is resolved on YouLi, it may still appear on other websites that use the service or that have been compromised via the common Crypto Drainer attack.
- Learn More about Crypto Drainer attacks: https://www.kaspersky.com.au/blog/what-is-a-crypto-wallet-drainer/33228/
- Learn more about this specific incident: https://cointelegraph.com/news/crypto-app-sites-malicious-popups-after-ace-drainer-hacks-animation-library
4. Ongoing Support
YouLi will update this article if any new information comes to light.
- If you were impacted and would like to request a list of pages viewed by your customers during the incident to properly manage your incident reporting, please let YouLi support know.
5. Working With Certified Suppliers
At YouLi we carefully select third-party providers who are certified and adhere to industry security standards. We remain vigilant and act quickly to address such issues.
Need more help?
Reach out to the YouLi support team via a chat box at the bottom of your screen or submit a ticket request. If you need more advanced support, we will be offering extra support during the recovery phase of this incident - please tell us in your request how we can help.
