Latest in Gear

Image credit:

Crunchyroll website hack tried to infect visitors with malware (updated)

For a while, the anime streaming service was a threat to your PC.
Jon Fingas, @jonfingas
November 4, 2017
Share
Tweet
Share

Sponsored Links

Rachel Murray/Getty Images for FUNimation Entertainment

Hacks that target major websites are nothing new, but Crunchyroll just suffered a particularly vicious attack. The anime streaming service was compromised for hours on November 4th after intruders planted a fake home page that pushed a malicious "CrunchyViewer" program to visitors. If Windows users were trusting enough to launch the file, it installed a mysterious background process that likely affected their systems. Mobile users were safe, although Crunchyroll noted that they weren't functional simply because the web team was fixing the website.

It's not certain just what happened or who was responsible. We've asked Crunchyroll for details and will let you know if it has more to share. It's evident that the site was deliberately targeted, though, and the perpetrators caught the site off-guard. As Customer Support Lead Nate Ming put it, the hack was the "first thing" some on the team woke up to in the morning. And the timing was definitely less than ideal if you were a viewer -- you may have received a rude surprise if you spend Saturdays catching up on Dragon Ball or Attack on Titan.

Update: Crunchyroll's parent company Ellation has explained what happened. Intruders managed to hijack and control the company's Cloudflare configuration, which normally redirects traffic to Crunchyroll. They steered it to the rogue server hosting the malware. Thankfully, it was an "isolated attack" -- it targeted Cloudflare, but not the actual website. If you have a Crunchyroll account, it's safe and sound.

If you downloaded that executable? You're not necessarily in trouble. You're fine if you didn't run the hostile program. If you did, you can manually remove the rogue files and registry entries. The team hasn't identified a perpetrator, but it's still hours after the attack; more definitive answers will likely take some time.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

The Apple iPhone

The Apple iPhone

View
Facebook inexplicably logs out iPhone users

Facebook inexplicably logs out iPhone users

View
Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

Pixar's 'Soul' was so popular on streaming that it beat 'The Office'

View
Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

Microsoft reverses Xbox Live price hike, will add free multiplayer for some games

View
Tesla accuses engineer of stealing crucial company software

Tesla accuses engineer of stealing crucial company software

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr