Crunchyroll Malware Hack Targets Anime Fans

Put down that body pillow and drop the Pocky — your favorite Japanese shows might be infecting your computer!

If you tried to update or install the software for anime streaming service Crunchyroll on a Windows PC between 3:30 a.m. and 6:00 a.m. PDT (6:30 a.m. and 9:00 a.m. EDT) on Saturday, Nov. 4, your computer may be infected with a dangerous keylogger. Removing it won't require a powerful burst of energy formed by the power of friendship, though; all you need is a little Windows Registry know-how.

Credit: Studio Pierrot

(Image credit: Studio Pierrot)

This sad bit of news comes from Ellation, the company that owns Crunchyroll, as well as from Crunchyroll's German-language and English-language Twitter accounts. The good news is that the Crunchyroll site wasn’t technically hacked; the bad news is that it had its DNS server hijacked, redirecting visitors to a Crunchyroll clone.

This unscrupulous site directed viewers to download a desktop viewer called "CrunchyViewer.exe." It’s not exactly clear what this malicious Java-based application does, but in a blog posting, security expert Bart Blaze theorizes that it may be a keylogger.

MORE: Best Antivirus Software and Apps

As hijackings go, this was probably not the most devastating one of all time. The attack affected only Windows PCs, took place in the middle of the night for many customers, and required active participation on a user’s part. (If you downloaded, but didn't run, the EXE file, all you need to do is delete it.) Still, if you did run the EXE, not every antivirus product will detect it before the malware can be installed.

If you’re one of the unfortunate few who did run and install the malicious software, here’s how to expunge it:

First, delete the EXE from your downloads folder. Then, run Regedit in the Windows command prompt. Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. You will see a key called "Java." Delete it.

From there, go to your AppData folder, usually located in C:Users\[Your Username]\AppData\Roaming. Delete the file called "svchost.exe." Run an antivirus scan of your choice to sweep out the dregs, and you’re done.

One thing to bear in mind is that if you input any passwords while you had the potential keylogger installed, they could have fallen into malicious hands by now. You should change them immediately.

Now you can resume watching superpowered schoolgirls save the world, or giant robots duke it out over the Tokyo skyline, or sulky teenagers sort out their problems in elaborate online games. Hey, it's less embarrassing than having a computer full of malware.

Best Antivirus Software

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.