• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos1 Stats

Pale Moon's Archive Server hacked and used to spread malware.

Hi there.
The Subject : Pale Moon's Archive Server hacked and used to spread malware, is doing the rounds, today 11/07/2019.

Win32/ClipBanker.DY is highlighted.

Is the signature covered by Norton Security Products ?

Cheers ! SinecoalCirph4.


Accepted Solution
Kudos1 Stats

Re: Pale Moon's Archive Server hacked and used to spread malware.


From a quick reading of the articles you provided links for, it looks like this was clipper malware that was designed to hijack Bitcoin and/or other cryptocurrency transactions by stealing cryptocurrency wallet addresses copied to the clipboard of an infected device.

The official announcement by Moonchild on the Pale Moon forum at Data Breach Post-Mortem states:

"Additionally, the infection is known to all major antivirus vendors and you can scan your downloads/system with your preferred mainstream antivirus scanner to verify the installers are clean."

Sartorix provided a link to the VirusTotal report for the infected palemoon-20.3-installer.exe (https://www.virustotal.com/gui/file/c6a1a6511416d113d6dcfbdb3b8678e6e675418fd12209be39dbb167db29eb67/detection) in their 09-Jul-2019 thread Virus or Trojan on archive.palemoon.org?  According to the VirusTotal report that particular Pale Moon installer was detected by Symantec / Norton as ML.Attribute.HighConfidence.  That's a generic heuristic (behaviour-based) detection for malicious files using advanced machine learning (AML) technology, so I'm not sure if there is a different detection name for the actual malware dropper that was bundled inside older (archived) Pale Moon installers.
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22


Re: Pale Moon's Archive Server hacked and used to spread malware.

I don't understand why some people still use those Chrome and FireFox spin-offs when there were numerous articles warning users that those are not well-built and well-maintained browsers. The only FF spin-off I trust is SeaMonkey and even with that browser I would not trust it 100% especially now that I know that it takes them very long time to update the browser. For maximum privacy Tor is the best one to use. I wouldn't really bother with the other browsers other than those two browsers (SeaMokey and Tor)