Maker of Opera browser said its network was hacked to steal code-signing certificate

Share this article:

Opera Software, maker of the Opera browser, disclosed Wednesday that its internal network was targeted in a heist in which the attackers made off with at least one certificate that they used to sign malware.

The Norway-based company, whose browser is used by roughly two percent of internet users, according to Net Applications, said the hackers did not compromise any data belonging to users, and that the infection has been neutralized, Sigbjorn Vik, who works in quality assurance at Opera Software, said in blog post.

But the culprits did "obtain at least one old and expired Opera code-signing certificate...which allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," he wrote.

Vik said that for a 36-minute period on June 19, "a few thousand" Windows users who were running the browser may have automatically received and installed the malware.

Opera is scheduled to soon release a new version of the browser, which will rely on a new code-signing cert, and recommends that all users upgrade.

A similar intrusion that affected Opera Software impacted Adobe in September.

And valid digital certificates being used for illegitimate purposes have become a preferred hacker ploy of late. Most recently, the authors of the Flame virus used rogue Microsoft certs to spread the nefarious malware. Certificate authorities themselves also have been targeted.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Kevin Mitnick to sell zero-day exploits

Kevin Mitnick's new venture will develop and procure zero-day exploits, then sell them for $100,000 or more.

FBI warns of potential cyber attacks launched by ISIS hacktivists

Following U.S. military airstrikes in the Middle East, the FBI has issued a warning regarding possible cyber threats aimed at U.S. networks and critical infrastructure by hacktivists in support of ISIS.

Report: 75 million records compromised so far in 2014

Report: 75 million records compromised so far in ...

An updated report indicates that since this time last year, breaches have increased by 29.4 percent, with 568 breaches occurring this year.