ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Opera Software Hit by 'Infrastructure Attack'; Malware Signed with Stolen Cert


Opera Software Hit by 'Infrastructure Attack'; Malware Signed with Stolen Cert

Norwegian browser maker Opera Software has confirmed that a targeted internal network infrastructure attack led to the theft of a code signing certificate that was used to sign malware.

The company did not provide specifics of the breach or provide any details on the subsequent malware attacks that took advantage of Opera’s update service.

“The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” Opera warned in a brief advisory.

The breach, which was discovered on June 19, 2013, was described as a targeted attack with limited impact.

“Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments,” Opera said.

However, Opera warned that it was possible that thousands of Windows users who were using the browser between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.
--- End quote ---



[0] Message Index

Go to full version