Archive Server of Pale Moon Open Source Browser Hacked

Developers of the open source web browser Pale Moon revealed on Wednesday that the project’s archive server was compromised and all executable files were infected with malware.


Pale Moon is an open source browser that focuses on customization and efficiency. The project is forked from Firefox code, but it uses its own layout engine (Goanna) and still provides support for some legacy Firefox extensions. Last year, it reported having somewhere between 750,000 and 1.25 million users.


Pale Moon informed users that its archive server, hosted at archive.palemoon.org, was hacked and that archived executables, including installers and PE files, were altered to include a malware dropper tracked by ESET as Win32/ClipBanker.DY. When users ran the altered files, a piece of malware described as a “trojan/backdoor” was dropped on their systems.


The incident was discovered on July 9 and the impacted server was immediately shut down. However, an investigation revealed, based on the timestamps of infected files, that the attackers may have gained access to the server as early as December 27, 2017.


“It is possible that these date/time stamps were forged, but considering the backups taken from the files, it is likely that this is the actual date and time of the breach,” Pale Moon developers said in a post on their forum.


The targeted files were likely infected locally rather than being uploaded remotely, with roughly 3 Mb of data being added to each of them.


However, Pale Moon developers have limited data for their investigation because the archive server became completely inoperable in late May 2019, which resulted in system log ..
