Maker of Opera browser said its network was hacked to steal code-signing certificate

Share this article:

Opera Software, maker of the Opera browser, disclosed Wednesday that its internal network was targeted in a heist in which the attackers made off with at least one certificate that they used to sign malware.

The Norway-based company, whose browser is used by roughly two percent of internet users, according to Net Applications, said the hackers did not compromise any data belonging to users, and that the infection has been neutralized, Sigbjorn Vik, who works in quality assurance at Opera Software, said in blog post.

But the culprits did "obtain at least one old and expired Opera code-signing certificate...which allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," he wrote.

Vik said that for a 36-minute period on June 19, "a few thousand" Windows users who were running the browser may have automatically received and installed the malware.

Opera is scheduled to soon release a new version of the browser, which will rely on a new code-signing cert, and recommends that all users upgrade.

A similar intrusion that affected Opera Software impacted Adobe in September.

And valid digital certificates being used for illegitimate purposes have become a preferred hacker ploy of late. Most recently, the authors of the Flame virus used rogue Microsoft certs to spread the nefarious malware. Certificate authorities themselves also have been targeted.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the ...

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.