Popular anime streaming service Crunchyroll was recently hijacked by cybercriminals, with visitors being prompted to download software that was infected with malicious code.
Crunchyroll's Twitter account on Saturday tweeted a warning to its followers, telling them not to access its website. According to a report by Kotaku, the malicious file in question is named 'CrunchyViewer.exe.' Executing the program would apparently install a fake svchost.exe file.
The streaming service explained that the website itself was not hacked. The attack was supposedly DNS hijacking, a method where cybercriminals can forcibly redirect a site's online traffic towards alternative servers that will deliver fake web pages to otherwise unsuspecting users. The app was also unavailable for the duration of the attack.
A few hours later, Crunchyroll finally announced that the problem was resolved and that the app is fully functioning again. However, there has been no word on who was responsible for the attack nor how many users ended up with malware on their machines.
Update: The company behind Crunchyroll, Ellation, provided a statement to Neowin regarding the issue. It partly reads:
We’ve identified this as an isolated attack on our Cloudflare layer, and not Crunchyroll itself. As such, our servers were not compromised in any way, and none of our users’ secure information and data was at risk. We take security very seriously, and will pursue this malicious attack on our users to the fullest extent of the law. We will continue to provide updates as we gather more information.
22 Comments - Add comment