By One of the famous anime streamers; Crunchyroll is warning their users to have a proper checking of malware in their systems. This warning spread like a wildfire after the attackers acquired access to its Cloudflare config and directly targeted the Microsoft Windows users with a destructive file.
The said attack was persisted for about a brief period of 150 minutes. It got access on Sunday, November 5 during 0330 to 0600 hours as per Pacific Time. During this period, the owner Ellation seized the website down. The website has about 20 million users, and still, people got adequate time to download the harmful file.
During such malicious attack, as this post explains, people trying to visit Crunchyroll were directed to a site impersonating the service, offering “CrunchyrollViewer.exe” to visitors.
Infosec bod Bart Blaze had took a look at what was in the malware here.
He writes that the malware dropped a svchost.exe in the user’s machine, and while running, it went back to a command-and-control server to download a Metasploit Meterpreter module.
At this, either Crunchyroll’s reply was sufficiently fast to halt any strictly nasty consequences, or the attacker was simply attempting his hand at malware since that’s as far as stuff went.
Anyone who was harmed by the attackers can discard they’re damaged within a few steps – outlined at the Crunchyroll post linked. Remove the malicious .exe file, discard a malicious Java Run key from their archive, delete the svchost.exe file, and finally run your system’s antivirus scan for keeping your system safe from other threats.
