Skip to main content

Opera certificate stolen and used to spread malware in June hack

Opera has revealed that attackers targeted its network last week, but the company said it does not appear that user data was compromised.

Instead, an old certificate has been used to distribute malware.

"On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised," Opera's Sigbjørn Vik said in a blog post.

The hackers gained access to "at least one old and expired Opera code signing certificate, which they have used to sign some malware," Vik wrote. Though the attack has had a "limited impact," he said, that certificate has been used "to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser."

Opera estimates that "a few thousand" Windows users who were using Opera during a 30-minute period on 19 June were affected. "To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate," Vik said.

Opera "strongly urged" customers to make sure they update their browsers to the latest version. The company also pointed to Virustotal, which has an overview of the malware involved and which anti-virus software can detect it.

Last month, Opera unveiled a totally revamped version of its desktop browser, and released a trial version for Windows and Mac. That came shortly after the WebKit-based Opera for Android web browser graduated from beta and hit the Google Play store.