The team behind Pale Moon announced yesterday that their archive server was hacked. Hackers hacked the server of the Pale Moon browser project and infected older versions browser with malware.
According to the Communication, published by the lead developer, M.C. Straver, the attack had been done 18 months ago, but it was discovered now.
The "archive server", essentially, hosts older versions of the browser. Developers want to have the oldest publications available, in case one of the users wants to leave the current stable version and revert to a previous one.
According to Straver, a malicious group had gained access to the archive server (archive.palemoon.org). The hackers, after obtaining Accessed at, they ran a malicious script that selectively infected all Pale Moon .exe files stored on the server. To infect the Archives, the hackers used a variant of the Win32 / ClipBanker.DY (ESET).
The Pale Moon browser development team was informed about the issue Security the day before yesterday, July 9, and immediately removed the compromised archive server.
The attack took place in 2017
After investigation, it was discovered that η Oversight had taken place on 27 December 2017 at about 3:30.
"It is possible that these dates and times are fake, but considering the Duplicates security, taken from the files, it is likely that this is the actual date and time of the breach."
Straver said. all versions before Pale Moon 27.6.2 have been infected by the malware. In a strange way, older versions of the Basilisk web browser were not affected, even though they are hosted on the same server.
Unfortunately, the Pale Moon team was unable to detect the breach in May, when the archive server experienced some problems.
Targeting users of cryptocurrencies
The developers of Pale Moon advise users who have downloaded files from the achive server to scan their systems.
The Win32/ClipBanker.DY trojan infects systems and monitors the operating system clipboard. This particular variant monitors addresses Bitcoin. Through this, hackers can transfer victims' money to their own addresses.
