Hackers Steal Code Signing Certificate From Opera

Malicious hackers have broken into systems of browser maker Opera and made off with an old code signing certificate, which has already been used to sign malware.

They may have taken more, but Opera has called in “the relevant authorities” to investigate how much the attackers stole. Opera said it had contained the threat, but it remains unclear how well.

The incident took place on 19 June, Opera confirmed in a blog post. It said the perpetrators carried out a targeted attack on its internal network infrastructure.

Opera hacked

“This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser,” the browser maker said.

“It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate.”

Opera advised users to update their browsers and run “reputable” anti-virus on their systems, even though it’s unclear AV would have stopped the malware, given it was ostensibly approved by the company.

Security expert Graham Cluley said a code-signing certificate is “one of the crown jewels for a software company”.

“The last thing you want is it falling into the wrong hands – and for hackers to be able to pretend that their software was written by you,” Cluley told TechWeekEurope.

“Clearly something went badly wrong if the hackers were able to get their paws on it.

“The statement from Opera is a little odd… They say that they have identified that a Trojan was written and could have reached Opera users during a 36 minute window.

“The inference is that somehow signed malicious code might have made its way onto one of Opera’s servers and installed by the Opera browser itself onto users’ computers.”

Are you a security expert? Try our quiz!