Crunchyroll's Website Redirected to Server With Malicious Software (Update 4)
posted on by Egan Loo
The web address for the streaming service Crunchyroll redirected to a server that forced most web browsers to download software without authorization since before 8:00 a.m. EDT on Saturday. The front page of the redirected server claimed "A New Media Player" for Crunchyroll (with grammatical errors), and automatically sent a "CrunchyViewer.exe" program for download.
Crunchyroll's official German Twitter account advised users to avoid accessing the Crunchyroll website, explaining that there is a problem with "malicious software." If people already downloaded the CrunchyViewer.exe program, the German account also urged them to delete the program, to not run the program, and to scan their computers for possible viruses or other malicious software. The account added, "if you have run [the CrunchyViewer.exe program], change all your passwords and backup your data."
The service's German Twitter account said that people who access the service through a Crunchyroll app (instead of through the website) "should be safe," although the service was not streaming as of 9:06 a.m. EDT. The Twitter account emphasized that the service's servers have not been compromised, and explained that "at the moment, it appears to be DNS hijacking." Domain Name Service hijacking allows an unauthorized third party to redirect traffic from the proper server to another server, similar to what happened to ANN in August.
Crunchyroll's representatives in the United States have not yet responded to ANN's request for comment. Crunchyroll's German Twitter account noted that Crunchyroll's American social media staff members were not awake when the problem first appeared. The German account had been posting warning messages in both German and English.
Services that attempt to identify the geographical location of a server, based on its numeric Internet Protocol address, list the redirected server in the Netherlands. However, these services do not necessarily give an accurate geographical location.
Update: Instead of the unauthorized server with the CrunchyViewer.exe software download, some users may see the proper Crunchyroll server, but with a message reporting that "an error has occurred."
Update 2: As of 10:09 a.m. EDT, Crunchyroll's English Twitter account also warned users not to access its website, and it also assured them that its staff is working on the problem.
Update 3: As of 12:14 p.m. EDT, Crunchyroll's web address apparently directs to the proper server, although the company has yet to confirm this. Crunchyroll's iOS app and Roku channel are also streaming videos.
Update 4: As of 12:31 p.m. EDT, Crunchyroll's English Twitter account reports that the website is back online.
this article has been modified since it was originally posted; see change history