Pale Moon says hackers added malware to older browser versions

Hackers have breached the archive server of the Pale Moon browser project and tainted older browser versions with malware.


The hack went undetected for more than 18 months, according to a breach notice published today by M.C. Straver, the Pale Moon lead developer.

The Pale Moon "archive server" is used to host older versions of the Pale Moon browser, in case users want to downgrade from the current stable version.

"A malicious party gained access to the at the time Windows-based archive server (archive.palemoon.org) which we've been renting from Frantech/BuyVM, and ran a script to selectively infect all archived Pale Moon .exe files stored on it (installers and portable self-extracting archives) with a variant of Win32/ClipBanker.DY (ESET designation)," Straver said today.

The Pale Moon dev said he learned of the incident yesterday, July 9, and immediately took down the compromised archive server.
Hack took place way back in 2017

"According to the date/time stamps of the infected files, [the hack] happened on 27 December 2017 at around 15:30," Straver said, following a subsequent investigation.

"It is possible that these date/time stamps were forged, but considering the backups taken from the files, it is likely that this is the actual date and time of the breach."

The Pale Moon dev said all Pale Moon 27.6.2 and earlier were infected. Curiously, archived older versions of the Basilisk web browsers were not tainted, despite being hosted on the same server.

Ironically, the Pale Moon project missed a chance to detect the intrusion in May this year, when the original archive server encountered a data corruption issue and went down.

"Unfortunately, after the incident that rendered the server inoperable, the files transferred to the new system were taken from a backup made earlier that was already in an infected state due to the passage of time that this breach has gone undetected, so the infected binaries were carried over to the new (CentOS) solution," Straver said.
Going after cryptocurrency users

Users who downloaded files from the archive server are advised to scan their systems or wipe and reinstalls their workstations, to be on the safe side.

The Win32/ClipBanker.DY trojan is a what security researchers call a clipboard hijacker. After it infects victims it sits in an operating system's background, watching the OS clipboard. This particular variant would watch for text snippets that looked like Bitcoin addresses, and would replace them with a pre-configured address, in the hopes of hijacking transactions towards a hacker's own wallet.

The trojan had been previously analyzed in an ESET report dated March 2018. Other versions of this same malware family also had support for replacing Monero addresses.

Attached: palemoon.png (1000x425, 217.66K)

It's over palemoon compromised time to move to a new browser, I heard Chrome is pretty good guys

you mean goys, don't you?
Iridium better

Do Iridium/Ungoogled still have those bugs where you can't properly erase LSOs/Cookies?

...

wat

...

...

Pale Moon's developers were always shit.
t. someone who never used Pale Moon but talked to the developers otherwise

Is the palemoon devs still spergy buttfrustrated at noscript?

I think he was frustrated with retards who would install it and then complain to him when it broke sites.

If they cannot detect changes to their own binaries, why would anyone trust them to patch Firefox while maintaining browser security?

That's impossible. It is Open Source, and therefore safe because you audit the code before you run it, so that your freedom is preserved. Sage for fake news.

Seamonkey bruh

What kind of retard would use older versions of network-enabled software prone to commonly-employed exploits?

So quick to blame Pale Moon for what a demented, criminal hacker did!

Which resulted in him having a spergout at noscript instead of the users who couldn't read documentation.

JOSH WAS RIGHT

Stopped reading here. Sage.

Found your problem mate

...

So Palemoon is fine. Glad to hear.

LMOA

based user

winfags btfo