UPDATED 21:23 EST / NOVEMBER 05 2017

Anime streaming site Crunchyroll hijacked to serve malicious downloads

Visitors to popular anime streaming site Crunchyroll received more than the pleasure of accessing Japanese cartoons over the weekend after the domain name service for the site was hacked to serve up malicious downloads as well.

The attack, which occurred on Saturday, involved hackers gaining access to Crunchyroll’s Cloudflare config file to redirect visitors to a fake homepage that hosted a malicious script called “CrunchyViewer.” That script, which was offered to visitors to the site using Microsoft Corp.’s Windows operating system, installed a file by the name of svchost.exe on the victims’ personal computers. Then it contacted a command-and-control service to download Metasploit Meterpreter, a module that can be used to compromise and hijack a PC for a range of malicious purposes.

It was initially believed that Crunchyroll itself was hacked, but parent company Ellation Inc. took to Medium to explain that its own site had not been compromised. Instead, hackers had managed to access its Cloudflare service to redirect visitors. “We’ve identified this as an isolated attack on our Cloudflare layer, and not Crunchyroll itself,” the company wrote. “As such, our servers were not compromised in any way, and none of our users’ secure information and data was at risk.”

Besides saying that it would pursue the matter “to the fullest extent of the law,” the company also recommended that those who had downloaded and run the script should delete CrunchyViewer.exe from their system. Then they should undertake a number of other actions, including removing the malicious Java run key from their system, removing the malicious binary, deleting svchost.exe and finally performing a scan with their installed antivirus product to double-check that the malicious script has been removed.

How the hackers managed to gain access to Crunchyroll’s Cloudflare service was not made clear, but the company said it would continue to investigate the matter.

Photo: dannychoo/Flickr
