Pale Moon, an open-source web browser, housed malware in all its installers after attackers breached a Windows archive server belonging to the browser’s project. It was discovered that the installers had a Trojan known as ‘Win32/ClipBanker.DY’. According to M.C. Straver, creator of Pale Moon, attackers ran a script to infect all the executable installers of the browser with the Trojan. These executable files could allow access to other malware in the system.
Key highlights
Worth noting
In a breach report, Straver mentions the executable files were infected quickly one after the other through the server. “Judging by the modified time stamps, the files were infected in rapid succession, increasing the file size by about 3 MB of malicious payload. They were infected locally on the system, most likely with a script performing direct file manipulations. The infected files were not uploaded remotely in their infected state,” wrote Straver.
Publisher