"On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised."
"We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments." said in a post on the Opera Security Blog.
Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.
Opera plans to roll out a new version of its flagship browser which will use a new code signing certificate. The advisory also provides few details about the malware that was signed with Opera's official digital imprimatur, other than to link to this VirusTotal analysis.