Last Saturday morning, users of the anime streaming service Crunchyroll were redirected to a new homepage alerting subscribers to a “new media player” called CrunchyViewer. Visitors were prompted to download and run this new program to continue viewing content, but were in fact running malicious software on their systems.
Crunchyroll’s parent company, Ellation, stated that hackers hijacked the company’s Cloudflare configuration, steering users to a rogue server hosting the malware. The incident was considered an isolated attack and did not affect the actual website. The company is prompting users who downloaded and ran the software to delete the program, back up their data, and continue to scan for possible viruses and other malicious software.
Researchers at Palo Alto Networks have uncovered new findings in the recent malspam campaigns. This time, the campaign deploys either Locky ransomware or the TrickBot banking Trojan, depending on the victim’s geographical location. It does so through QtBot, a replacement for malicious VBScripts, which queries websites that provide geo-IP services to pinpoint the target’s geographical location. The script is designed to deliver the TrickBot malware to targets in Great Britain, United Kingdom, Australia, Luxembourg, Belgium and Ireland. Targets outside those locations receive the Locky ransomware.
These attacks open up multiple fronts for network defenders and information security professionals, as they create multiple threats that need to be addressed simultaneously. With these attack methods emerging, it’s critical for organizations to incorporate threat intelligence into their security strategy so that they are guided in the right direction and can create the most effective response plan.
*IP addresses provided by Recorded Future.