Hackers upload bot code to Imgur in 8Chan attack
A nasty vulnerability in Imgur was used by attackers to hide malicious code in images, commandeer visitors' browsers, and hose the 4Chan and 8Chan image boards.
Imgur has fixed the hole preventing the upload of malicious images, and says the compromised pages were served in targeted attacks and not published to the site's main gallery page.
Compromised images were posted to 4Chan and a related Reddit subreddit page.
The attacker's intent is unknown and the command and control server is not known to have issued commands to infected machines.
"Yesterday a vulnerability was discovered that made it possible to inject malicious code into an image link on Imgur," Imgur community director Sarah Schaaf says.
"From our team's analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-reddit on Reddit.com using Imgur’s image hosting and sharing tools.
"The vulnerability was patched yesterday evening and we’re no longer serving affected images, but as a precaution we recommend that you clear your browsing data, cookies, and localstorage."
The attacks were reported on various 4Chan boards.
Imgur says it will release more information as it comes to hand.®