Visitors to anime streaming service Crunchyroll were greeted with a prompt to download malware this morning, prompting the site’s owners to take it offline while they resolved the issue. After going down for several hours, the site has resolved the issue and is now back online.
The site’s official Twitter feed sent out a warning just after 9 AM this morning, warning people not to access the site, and said that they were working to resolve the problem.
ATTENTION ALL CRUNCHYROLL USERS!!— Crunchyroll (@Crunchyroll) November 4, 2017
Please DO NOT access our website at the current time. We are aware of the issues and are working on it!!
According to Kotaku, users were prompted to install a file called CrunchyViewer.exe, which contained a malicious file. The site announced that its app wasn’t affected, but that the site was taken down to fix the problem.
Several hours after the problem was first noticed, the site tweeted out an all clear, saying that the site was back online.
In a blog post, Crunchyroll’s parent company Ellation explained that someone altered the site’s Cloudflare configuration, which redirected visitors to a “non-Crunchyroll-hosted server with the intent for visitors to download a malicious file.” They went on to explain that the site itself was fine, and that user data wasn’t compromised. Visitors who downloaded the file, but didn’t run it should be fine, but the post outlines several steps that people should take if they ran the file.
Update, November 5th, 2017, 9:00AM: Updated post with statement from Ellation.