Thieves mask malware using stolen Opera digital certificate

The Web browser developer detected “a targeted attack” on its internal network infrastructure, according to company officials. The attackers stole an Opera code signing certificate that enabled them to endorse malicious software with what looked like a legitimate seal. “This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” company officials stated.

A few thousand Windows users, who were on Opera between 01.00 and 01.36 UTC on June 19th, might have received and installed the malware.

Ars Technica reports:  “Opera's advisory leaves out key information that makes it hard to assess just how much damage was done. Missing details include when the attackers first gained access to the servers, precisely when the stolen digital certificate expired, and whether there's reason to believe other certificates may also have been obtained. It would also be useful to know how hackers got access to an official Opera digital certificate, which is supposed to cryptographically prove that the software that bears its seal could only have come from the company. As Ars reported last year, companies such as Symantec go to great lengths to secure such keys, although Opera is hardly alone in losing control of such a valuable certificate.”