Several days ago, it was reported that the highly-popular anime website know as Crunchyroll has been hijacked by hackers and used to distribute malicious software (supposedly, a keylogger virus). Once users entered the site during the hacker attack, they were displayed with a pop-up which recommended that they download a certain piece of software – a desktop streaming tool for the site’s video content. However, it was soon discovered that the supposed streaming app actually contained malicious code. The name of the malicious application is CrunchyViewer and if you have had it downloaded onto your PC, make sure to keep on reading so as to find out how to get rid of this malware. Removal instructions will be provided at the bottom of this article
After realizing what has happened, the developers of the website posted a statement warning visitors to stay away from the website as it was hijacked by hackers and was being used for spreading malware. Currently, the issue seems to have been taken care of and things with Crunchyroll seem to be back to normal. Here is some official information from the website’s developers regarding the issue with the hacker attack and the CrunchyViewer application.
The site wasn’t hacked
According to more recent information from Crunchyroll admins, the website didn’t actually get hacked. Instead, the attackers somehow found a way to gain access to the Cloudflare account of the site which is normally used to redirect users to Crunchyroll. However, the hackers altered the Cloudflare account configuration and set it to redirect the incoming traffic to another website that seemed like Crunchyroll but was instead a ruse used to display the pop-up with the suggested download for the CrunchyViewer program.
Although currently the issue seems to have been handled, we strongly advise you to avoid any applications with the name CrunchyViewer so as to stay safe. Also, down below we have provided some instructions that should help you get rid of the virus if it has already gotten installed inside your system.
Currently, it is unclear what the actual purpose of the malware is. According to a security expert Bart Blaze, the malware could be a keylogger program that can keep tabs on what the user types on their keyboard which would allow the hacker behind the attack to gain personal user information such as online account usernames and passwords. Here is more detailed information from the researcher’s blog. Regardless of the goal of the malware, one thing’s for sure, it must get removed from any computers that have it.
Luckily, getting rid of this malware shouldn’t be too difficult. Just execute the following instructions and the CrunchyViewer app should be gone from your machine along with any malicious code that it might hold.
- Use the Winkey + R keyboard combination in order to open Run.
- In the search box, type regedit and then press Enter.
- Once the Registry Editor opens, navigate to this folder: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
- Left-click on the Run folder and look at the entries (keys) from the right panel. Right-click on the key labeled Java and select delete to delete that key.
- Now, open your Start Menu and copy-paste this:notepad %windir%/system32/Drivers/etc/hosts.
- Click on the first result and look at the bottom of the notepad file that opens next.
- Find where it says Localhost and look below it – tell us in the comments if there were any IP addresses there and what they are as you might need to remove the IPs if they are related to the virus.
- Go back to the Start Menu and this time type %AppData%.
- Hit Enter and look through the newly-opened folder.
- Delete the svchost.exe file that should be located there.
- Restart your computer – the virus should now be gone for good
If you have any questions regarding the guide or if you were unable to complete any of the steps, know that you can always contact us in the comment section in order to ask for our assistance – we will be happy to provide it.
Change old passwords
A good precaution measure that we can advise you to take in case you have had the CrunchyViewer installed on your PC is to change all your online passwords. As we already mentioned, there’s chance that this malware piece is actually a keylogger and if it turns out that it indeed is such a program, then the security of your web accounts might not be guaranteed. Also, after completing the steps from the guide, it might be a good idea to carry out a system scan using your antivirus program to see if there are any malware data left on your machine. If you do not have an antivirus, then we strongly recommend you get one as soon as possible and also make sure that it is a good and reliable one as having strong security software on your PC is a must in order to keep your virtual privacy secured and safe.