On June 19, Browser maker Opera admitted that, it discovered an attack on its internal network infrastructure and windows users may have been tricked into installing a Trojan signed with a stolen Opera certificate.
"On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised."
"We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments." said in a post on the Opera Security Blog.
Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.
Opera plans to roll out a new version of its flagship browser which will use a new code signing certificate. The advisory also provides few details about the malware that was signed with Opera's official digital imprimatur, other than to link to this VirusTotal analysis.
"On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised."
"We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments." said in a post on the Opera Security Blog.
Code signing certificates are used to cryptographically verify that a piece of software comes from its purported publisher. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software.
Opera plans to roll out a new version of its flagship browser which will use a new code signing certificate. The advisory also provides few details about the malware that was signed with Opera's official digital imprimatur, other than to link to this VirusTotal analysis.