This is a developing story and Around Akiba will update as necessary.
UPDATE: Crunchyroll officially announced the website is back up and safe.
Don’t visit the Crunchyroll site right now. The site is down and the front page auto-downloads a weird .exe file.
— Canipa (@CanipaShow) November 4, 2017
At approximately 4:00 AM PST on Saturday, users of popular anime streaming site Crunchyroll discovered that the site redirected to a server that forces web browsers to download an .exe file potentially infected with malware. Preliminary reports from users on Twitter and Reddit have stated that the website hack is a DNS hijacking.
Update: We have NOT been hacked. At the moment, it appears to be DNS hijacking.
— Crunchyroll.de (@Crunchyroll_de) November 4, 2017
For those who are less internet savvy, DNS hijacking is a technique in which hackers direct a website’s visitors and other data to another website before they reach the intended site. In this situation, Crunchyroll is not directly hacked, and the potential hacker(s) do not have access to personal information stored on Crunchyroll. As of 8:30 AM PST, the official Crunchyroll Twitter has stated that the official app is not infected and that they are working on fixing the website. No information is currently available as to who is responsible for the hijack, and Crunchyroll is warning users to avoid entering the site until they have addressed the issues.
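A defender-side check for the kind of redirection described above, as an added example that is not from Around Akiba or Crunchyroll: it compares polled nameserver and A-record answers against a pinned baseline and reports any drift. The domain, nameservers, addresses and function names are constructed placeholders (reserved `.test` names and documentation IP ranges).

```python
import ipaddress

# Constructed baseline for a placeholder domain (not any real site's records).
BASELINE = {
    "example-stream.test": {
        "ns": {"ns1.dns-provider.test", "ns2.dns-provider.test"},
        "nets": [ipaddress.ip_network("203.0.113.0/24")],
    }
}

# Constructed observations, as a periodic resolver poll might record them.
OBSERVATIONS = [
    {"time": "03:50", "domain": "example-stream.test",
     "ns": ["ns1.dns-provider.test", "ns2.dns-provider.test"],
     "a": ["203.0.113.10", "203.0.113.11"]},
    {"time": "04:00", "domain": "example-stream.test",
     "ns": ["ns1.other-host.test", "ns2.other-host.test"],
     "a": ["198.51.100.77"]},
]


def check(obs, baseline=BASELINE):
    """Return findings for one observation; an empty list means it matches."""
    expected = baseline.get(obs["domain"])
    if expected is None:
        return ["no baseline for " + obs["domain"]]
    findings = []
    # Normalise names: DNS is case-insensitive and may carry a trailing dot.
    seen_ns = {n.rstrip(".").lower() for n in obs["ns"]}
    unexpected = seen_ns - expected["ns"]
    if unexpected:
        findings.append("unexpected nameservers: " + ", ".join(sorted(unexpected)))
    if not obs["a"]:
        findings.append("no A records returned")
    for addr in obs["a"]:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append("unparseable address: " + addr)
            continue
        if not any(ip in net for net in expected["nets"]):
            findings.append("address outside expected ranges: " + addr)
    return findings


def scan(observations):
    """Map poll time -> findings, keeping only polls that drifted."""
    results = {o["time"]: check(o) for o in observations}
    return {t: f for t, f in results.items() if f}
```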
Did you download and run the file?
If you did, then yes you should be worried.
We don’t know what the file does yet, so change all important passwords on a known safe computer just to be safe. To remove the malware, either follow /r/techsupport’s Malware Removal Guide or back up your data, wipe your disks and reinstall your operating system. The malware appears to be a form of ransomware. See my second edit below.
But if you didn’t, then ~~you’ve probably got nothing to worry about~~ you probably won’t get infected. The malware appears to only infect your computer if you run the file it tries to get you to download (making it a Trojan virus). It doesn’t look like the page itself infects your computer on its own, so even if you visited the page you’ll be fine as long as you don’t download and run that file.
Still, since the website did get hacked, you’ll want to be worried about any credit card info you stored on there. It’s highly likely that whatever data you gave to Crunchyroll (like your credit card info or account password and all that) is compromised.
EDIT: Edited to be a bit more accurate. I forgot about the website’s databases for a bit.
EDIT2: Judging from what /u/Nalapl3 posted, the malware might be a form of Ransomware. It’s the kind of malware that holds your data for ransom by encrypting everything on your hard drives. If you get infected, you’ll either have to pay the attackers and hope for the best (since they might not even decrypt your data even if you pay them) or wait until the encryption gets cracked. If you get infected with ransomware, /r/techsupport’s wiki has an article about what to do next.
EDIT3: Thanks for the gold, /u/faux_wizard!
EDIT4: While the German twitter account is saying that it appears to be a DNS hijack instead of a true website breach, it really doesn’t sound like they’re 100% certain yet. I recommend that people assume the worst, so the information above is still relevant. Don’t let your guard down until the website is back to normal and Crunchyroll has released an official statement.
This is not the first time anime-related websites have experienced hijackings. Most notably, Anime News Network faced their own share of “hacking” troubles this past August. ANN CEO Christopher MacDonald summarized the incident in an article published on August 11, 2017:
So here’s the TL;DR version:
- ANN was “hacked” on August 7th;
- Hack was likely achieved by social engineering;
- Hackers were able to transfer our domain to a HK registrar notorious for domain theft;
- E-mails sent to addresses @ AnimeNewsNetwork.com after the hack may be read by the hackers;
- Hackers were able to take temporary control of our @Anime twitter account;
- Our servers were not compromised;
- User accounts, passwords, e-mail addresses, etc… were not compromised;
- Cell phones aren’t perfect 2-Factor security.