
Pale Moon: Data breach on the archive server

Posted: Wed Jul 10, 2019 5:17 pm
by therube
Data breach on the archive server (archive.palemoon.org)
There has been a data breach on the (convenience) archive server where an attempt was made to sabotage our project by infecting all archived Pale Moon executables present on the server at the time of the breach with malware.

The archive server has been shut down until a secure alternative is available.
Original post:
Virus or Trojan on archive.palemoon.org ?

Data breach post-mortem


Most of the versions of Pale Moon come with accompanying .sig files (PGP signatures) which you can use to verify that the files are not tampered with or changed in any way.
Apart from the period where code-signing was not used due to unavailability at reasonable cost for Open Source development, binaries have also been code-signed, which can be checked through a right-click -> properties -> tab "Digital Signatures". If this tab is missing, then the binary is either not signed or has been modified from its original.
Later versions of the archived executables also come with a SHA256 hash in the accompanying file "hashes.txt". You can verify the integrity that way, too.
That kind of stuff is there for a reason, so should not be dismissed, ignored - simply because you're getting your download from a "trusted" source.

Re: Pale Moon: Data breach on the archive server

Posted: Wed Jul 10, 2019 5:38 pm
by barbaz
According to the VirusTotal link, ClamAV doesn't detect this malware.

Is there a signature I can add to ClamAV that would catch it? I have a couple old Pale Moon binaries which I don't remember where I got them, I don't think it was archive.palemoon.org but I'm not 100% sure, so I'd like to check to make sure they were not infected by this breach.

Re: Pale Moon: Data breach on the archive server

Posted: Wed Jul 10, 2019 7:36 pm
by therube
Generate a hash on your end, then send it to VirusTotal (I mean Google ;-)).

This is what I sent up for (what on my end I call), "Palemoon-Portable-26.5.0.Atom.WinXP (XP).exe.7z" (which is clean).
https://www.virustotal.com/gui/file/240 ... /detection
(SHA256 hash is in the URL.)


So plug the hash you generate in, & see what VT finds on it.


"Palemoon-Portable-28.2.2.win64.exe.7z" (clean)
https://www.virustotal.com/gui/file/fe2 ... /detection

Re: Pale Moon: Data breach on the archive server

Posted: Wed Jul 10, 2019 7:44 pm
by therube
@Moonchild
(While archive.palemoon.org is down, & .sig & "Digital Signatures" methods aside), do you have a listing of known good hashes that you could post so others questioning the validity of files they may have on hand can check against?

Re: Pale Moon: Data breach on the archive server

Posted: Thu Jul 11, 2019 12:11 am
by therube
SHA256 hashes to check against, https://pastebin.com/Lp27meQe.
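
Added example, not part of the thread: one way to run the check discussed in the posts above, hashing local files and comparing them with a known-good SHA256 list. It matches on content rather than filename, since local copies may have been renamed. The `<hash>  <filename>` list layout and every file name and content in `demo()` are constructed assumptions, as the page does not show the list's format.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed list layout (sha256sum style): "<64 hex chars>  <filename>".
LINE_RE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+?)\s*$")

def parse_hash_list(text):
    """Return {sha256_hex_lowercase: listed_filename} for every well-formed line."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_files(paths, known):
    """Classify each file: 'match', 'mismatch' (listed name, wrong hash) or 'unknown'."""
    listed_names = {name.lower() for name in known.values()}
    results = {}
    for path in paths:
        name = Path(path).name
        if sha256_file(path) in known:
            results[name] = "match"      # content is known good, whatever it is called
        elif name.lower() in listed_names:
            results[name] = "mismatch"   # carries a release's name but not its content
        else:
            results[name] = "unknown"    # no verdict: the list says nothing about it
    return results

def demo():
    """Constructed sample: three stand-in files checked against a two-entry list."""
    samples = {"renamed-copy.exe": b"release A", "palemoon-B.exe": b"release B, altered",
               "other.exe": b"something else"}
    listing = (hashlib.sha256(b"release A").hexdigest() + "  palemoon-A.exe\n"
               + hashlib.sha256(b"release B").hexdigest().upper() + " *palemoon-B.exe\n")
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
        return check_files([Path(d, n) for n in samples], parse_hash_list(listing))

if __name__ == "__main__":
    print(demo())
```

A "match" is only as trustworthy as the list itself, so the list should come from a channel independent of the server that was breached.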

Re: Pale Moon: Data breach on the archive server

Posted: Thu Jul 11, 2019 12:24 am
by barbaz
Thanks therube! SHA256 hashes of my binaries match what's in that file.

Re: Pale Moon: Data breach on the archive server

Posted: Thu Jul 11, 2019 3:09 am
by therube
(Ditto all my archived versions.)

Re: Pale Moon: Data breach on the archive server

Posted: Fri Jul 12, 2019 3:35 pm
by barbaz