Users visiting the popular Crunchyroll anime-streaming website from 03:30 to 06:00 Pacific Time on Sunday Nov. 5, were redirected to a seemingly legitimate website asking users to install an updated version of their respective video player. The version, of course, was tampered with.
While it”s uncertain how many users downloaded the malware during the 150 minutes the redirect was operating, the service blamed unauthorized access to its Cloudflare configuration. Although the window of opportunity for attackers was relatively brief, the streaming service is estimated to have 20 million users, making it plausible that some users might have been infected.
“The attackers redirected incoming visitors intended for the Crunchyroll.com website to a non-Crunchyroll-hosted server with the intent for visitors to download a malicious file, named “CrunchyViewer.exe.”,” reads the official Crunchyroll statement. “This file is malware directly targeting Windows PC web users.”
Subsequent analysis of the malicious “CrunchyrollViewer.exe” file offered to users revealed it was a default Metasploit payload that acted as a backdoor into the victim”s system. Although the command and control server to which the malware connected was also online briefly, the reason behind the attack is still unclear.
The official Crunchyroll statement also emphasizes that no servers were actually compromised and no user data was at risk. However, they posted a series of steps that potentially-affected users need to take. For instance, those who downloaded the file but did not execute it should immediately delete it and perform a system scan using a security solution.
Those who downloaded and installed the malware can find step-by-step instructions on how to remove it from their systems, here.
tags
Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.
View all postsNovember 14, 2024
September 06, 2024