Over the past few hours, it has come to light that hackers have been using Imgur to push out malicious code to GIF lovers (and mainly 8chan users) across the globe.

First uncovered over on this reddit thread, followed with a detailed breakdown by user ItsMeCaptainMurphy  in this thread.

This isn’t a DDOS. It’s targeting 8chan users and leaving javascript code in their local storage that causes their browsers ping back to a command and control server each time they hit an 8chan page. Thus far the C&C server hasn’t sent out any commands (or stopped issuing commands before this was discovered). Over the evening whoever authored this has been updating and changing their code. It only effects very specific Imgur images/pages. Why is not yet known.

So, are you infected? Potentially – but with issues like this you’re always best to take the safe bet and take the recommend precautionary measures, even if you think you’ll be OK.

What to Do:

While Imgur is the source of the issue, there are some steps you can take to make sure you are safe.

  • Definitely clear your browsers local storage – follow this great guide.
  • I also recommend enabled click-to-play, to stop any malicious flash code running locally, without your knowledge/permission – here is a guide for you on that.
  • If you have an Imgur account and haved used your Imgur password on other services, I would definitely recommencement changing them, since Imgur’s servers have been compromised there’s a small chance they could have access to login credentials (borderline paranoia..)
  • Do not visit 8chan

It’s also worth saying that Imgur are aware of the issue.