Maker of Opera browser said its network was hacked to steal code-signing certificate

Share this article:

Opera Software, maker of the Opera browser, disclosed Wednesday that its internal network was targeted in a heist in which the attackers made off with at least one certificate that they used to sign malware.

The Norway-based company, whose browser is used by roughly two percent of internet users, according to Net Applications, said the hackers did not compromise any data belonging to users, and that the infection has been neutralized, Sigbjorn Vik, who works in quality assurance at Opera Software, said in blog post.

But the culprits did "obtain at least one old and expired Opera code-signing certificate...which allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," he wrote.

Vik said that for a 36-minute period on June 19, "a few thousand" Windows users who were running the browser may have automatically received and installed the malware.

Opera is scheduled to soon release a new version of the browser, which will rely on a new code-signing cert, and recommends that all users upgrade.

A similar intrusion that affected Opera Software impacted Adobe in September.

And valid digital certificates being used for illegitimate purposes have become a preferred hacker ploy of late. Most recently, the authors of the Flame virus used rogue Microsoft certs to spread the nefarious malware. Certificate authorities themselves also have been targeted.

Share this article:

Sign up to our newsletters

More in News

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.