Hackers Steal Code Signing Certificate From Opera

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Opera tries to put a good spin on could turn out to be a pretty nasty breach

Malicious hackers have broken into systems of browser maker Opera and made off with an old code signing certificate, which has already been used to sign malware.

They may have taken more, but Opera has called in “the relevant authorities” to investigate how much the attackers stole. Opera said it had contained the threat, but it remains unclear how well.

Opera Browser Logo HD WallpaperThe incident took place on 19 June, Opera confirmed in a blog post. It said the perpetrators carried out a targeted attack on its internal network infrastructure.

Opera hacked

“This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” the browser maker said.

“It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.”

Opera advised users to update their browsers and run “reputable” anti-virus on their systems, even though it’s unclear AV would have stopped the malware, given it was ostensibly approved by the company.

Security expert Graham Cluley said a code-signing certificate is “one of the crown jewels for a software company”.

“The last thing you want is it falling into the wrong hands – and for hackers to be able to pretend that their software was written by you,” Cluley told TechWeekEurope.

“Clearly something went badly wrong if the hackers were able to get their paws on it.

“The statement from Opera is a little odd… They say that they have identified that a Trojan was written and could have reached Opera users during a 36 minute window.

“The inference is that somehow signed malicious code might have made its way onto one of Opera’s servers and installed by the Opera browser itself onto users’ computers.”

Are you a security expert? Try our quiz!