For many anime fans in North America and around the world, Crunchyroll is the first destination they head to for their anime viewing. So when it was revealed that the new "Crunchyroll viewer" download program was actually a malicious plot to spread malware, there were more than a fair share of shaken and disappointed members of the anime community. Luckily, Ellation acted swiftly to neutralize the threat and restore service after roughly 5.5 hours. Below, you can check out Ellation's official statement, which explains what occurred and what steps were taken to correct the issue. Ellation also provides direction for what to do if you believe your computer or laptop might have been infected.
At 3:30am PST this morning, malicious individuals gained access and altered our Cloudflare configuration. Cloudflare sits between incoming visitors and Crunchyroll, and normally redirects traffic to Crunchyroll servers. The attackers redirected incoming visitors intended for the Crunchyroll.com website to a non-Crunchyroll-hosted server with the intent for visitors to download a malicious file, named “CrunchyViewer.exe.” This file is malware directly targeting Windows PC web users. We took down the site at 6:00am PST as a precaution and were able to re-secure and restore the correct configuration to our Cloudflare service at 9:00am PST. The Crunchyroll service was fully restored by 9:30am. We’ve identified this as an isolated attack on our Cloudflare layer, and not Crunchyroll itself. As such, our servers were not compromised in any way, and none of our users’ secure information and data was at risk. We take security very seriously, and will pursue this malicious attack on our users to the fullest extent of the law. We will continue to provide updates as we gather more information.
If you were a Windows user who downloaded the malware file from 3:30am to 9:00am PST this morning, it is important to take these steps to remove the malware from your system:
If you downloaded but did not run the file, you are not exposed to the effects of this malware.
- Delete “CrunchyViewer.exe” from your file system
- As a precaution, please perform a scan with an antivirus/anti-malware product
If you downloaded and ran the “CrunchyViewer.exe” application:
- Delete “CrunchyViewer.exe” from your file system
- Remove the malicious “Java” Run key (You can find information on how to edit the Windows Registry in the Microsoft support database if you are unfamiliar with the steps)
  - Open Regedit, and browse to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - Delete the Java key
- Remove the malicious binary, by navigating to: %appdata%\Roaming (for example: C:\Users\Yourusername\AppData\Roaming\)
  - Delete the ‘svchost.exe’ file
- Perform a scan with your installed antivirus product
We are providing the above instruction to assist you with the removal of the .exe file. We recommend that you contact Microsoft or other knowledgeable technical support directly for specific questions related to the Windows operating system.
If you have any further questions about your Crunchyroll account, please contact our Customer Support Team: http://www.crunchyroll.com/help?topic=contact
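The checks in the removal steps above can be run as a report-only PowerShell script. This is an added example, not part of Ellation's statement: it deletes nothing, and the folders searched for the downloaded installer (Downloads and Desktop) are an assumption, since the statement does not say where the file was saved.

```powershell
# Added example: report-only check for the artifacts named in the statement.
# Nothing is deleted; review the output, then follow the removal steps above.

$runKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. A value named "Java" under the per-user Run key (started at every logon).
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'Java')) {
    $findings += [pscustomobject]@{
        Artifact = 'Run value "Java"'
        Location = $runKey
        Detail   = $run.Java          # command line the value launches
    }
}

# 2. svchost.exe in the roaming profile. The genuine Windows svchost.exe
#    is under %SystemRoot%, not in a user profile folder.
$dropped = Join-Path $env:APPDATA 'svchost.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $findings += [pscustomobject]@{
        Artifact = 'svchost.exe in AppData\Roaming'
        Location = $dropped
        Detail   = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    }
}

# 3. The downloaded installer. Search locations are an assumption; the
#    wildcard also catches browser-renamed copies such as "CrunchyViewer (1).exe".
$roots = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop" |
    Where-Object { Test-Path -LiteralPath $_ }
foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter 'CrunchyViewer*.exe' -File -Recurse `
        -ErrorAction SilentlyContinue | ForEach-Object {
            $findings += [pscustomobject]@{
                Artifact = 'Downloaded installer'
                Location = $_.FullName
                Detail   = "Saved $($_.CreationTime)"
            }
        }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the artifacts named in the statement were found for this user.'
} else {
    $findings | Format-List
}
```

Run it as each Windows user who may have opened the file, because both the Run key and the AppData folder are per-user locations.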