Insights Blog
Press Releases
Security Labs
HomeSecurity LabsHighly Popular Anime Site Jkanime Compromised - Redirecting Users To
Neutrino EK
On June 20, 2016 the popular anime site Jkanime was injected with
malicious code that was silently redirecting users to Neutrino Exploit Kit
(EK). During our analysis Neutrino EK dropped and executed the CryptXXX
3.0 crypto-ransomware, and we were requested to pay 1.2 BitCoin
(approximately $888 USD) in order to get our files back.
COMPROMISED WEBSITE
Jkanime is one of the most popular sites globally for streaming anime
episodes online, receiving an estimated 33 million visitors per month. It is
particularly popular in South America according to SimilarWeb.
The site itself has been injected with a script that includes another Javascript
(JS) file.
--> hxxp://galop[.]serviciosgeologicos[.]com[.]ar/script/widget.js
- Redirection (AfraidGate)
--
> hxxp://gittinsburpingtonsmythe[.]morgansdecorators[.]com/1999/11/10/sniff
/system/chase-twilight-decay-hungry.html - Exploit Kit (Neutrino)