Imgur Hacked to Launch DDoS Attacks against 4chan & 8chan

 Reports have surfaced that popular image-sharing website – Imgur has been hacked with malicious code injected in its images to carry out DDoS attacks on 4chan and its smaller spin-off, 8chan. Both image boards have suffered downtime.

The attack was first publicized when Reddit user ‘rt4nyp’ discovered a traffic-based DDoS attack on popular imageboards 4chan and 8chan.

The Reddit user found it peculiar that images hosted via Imgur on Reddit to be loaded as inline base64 data. Digging deeper into the code, he noticed a Javascript code that wasn’t supposed to be there, suffixed at the end.

The Malicious Code

The code contained a clandestine “axni” variable located within the browser’s localStorage and was set to load a Javascript file from “4cdns.org/pm.js”, according to an analysis done by Softpedia.

The location was not a part of 4chan’s official content-delivery network (CDN) and was a faux domain that looked like the original 4chan CDN, which was promptly facing downtime. To avoid detection, attackers made sure that the malicious code would not be reloaded when the original image was refreshed. Additionally, the JavaScript file could not be loaded into the browser directly.

A DDoS Attack with a Plenty of Images

The Reddit user discovered the JavaScript file loaded an iframe tucked away from the user’s interface with some clever stylesheet writing, and sure enough, hundreds of 4chan images were loaded, inundating the server with traffic.

After being notified of the vulnerability, Imgur fixed the same quickly afterwards. In a blog post, the company said:

“From our team’s analysis, it appears the exploit was targeted specifically to users of 4chan and 8chan via images shared to a specific sub-Reddit on Reddit.com using Imgur’s image hosting and sharing tools. The affected images were not published to the galleries on Imgur.com.”

“The vulnerability was patched yesterday evening,” Imgur confirmed.

Reddit users who have accessed the 4chan sub-Reddit are advised to clear their browser’s cache. The same applies to wiping browser data and removing saved cookies immediately.