Hackers have breached the archive server of the Pale Moon browser project and tainted older browser versions with malware. TechRepublic Cheat sheet: TensorFlow, an open source software library for machine learning Read More The hack went undetected for more than 18 months, according to a breach notice published today by M.C. Straver, the Pale Moon lead developer. The Pale Moon “archive server” is used to host older versions of the Pale Moon browser, in case users want to downgrade from the current stable version. “A malicious party gained access to the at the time Windows-based archive server (archive.palemoon.org) which we’ve been renting from Frantech/BuyVM, and ran a script to selectively infect all archived Pale Moon .exe files stored on it (installers and portable self-extracting archives) with a variant of Win32/ClipBanker.DY (ESET designation),” Straver said today. The Pale Moon dev said he learned of the incident yesterday, July 9, and immediately took down the compromised archive server. Hack took place way back in 2017 “According to the date/time stamps of the infected files, [the hack] happened on 27 December 2017 at around 15:30,” Straver said, following a subsequent investigation. “It is possible that these date/time stamps were forged, but considering the backups taken from the files, it is likely that this is the actual date and time of the breach.” The Pale Moon dev said all Pale Moon 27.6.2 and earlier were infected. Curiously, archived older versions of the Basilisk web browsers were not tainted, despite being hosted on the same… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.