Maker of Opera browser said its network was hacked to steal code-signing certificate

Share this article:

Opera Software, maker of the Opera browser, disclosed Wednesday that its internal network was targeted in a heist in which the attackers made off with at least one certificate that they used to sign malware.

The Norway-based company, whose browser is used by roughly two percent of internet users, according to Net Applications, said the hackers did not compromise any data belonging to users, and that the infection has been neutralized, Sigbjorn Vik, who works in quality assurance at Opera Software, said in blog post.

But the culprits did "obtain at least one old and expired Opera code-signing certificate...which allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," he wrote.

Vik said that for a 36-minute period on June 19, "a few thousand" Windows users who were running the browser may have automatically received and installed the malware.

Opera is scheduled to soon release a new version of the browser, which will rely on a new code-signing cert, and recommends that all users upgrade.

A similar intrusion that affected Opera Software impacted Adobe in September.

And valid digital certificates being used for illegitimate purposes have become a preferred hacker ploy of late. Most recently, the authors of the Flame virus used rogue Microsoft certs to spread the nefarious malware. Certificate authorities themselves also have been targeted.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.