According to Opera’s official blog they have recently halted and contained a targeted attack on the company’s internal network. Opera’s Sigbjørn Vik said that on June 19th an attack took place which didn’t compromise any user data but stole at least one old and expired Opera code signing certificate. Hackers can then use this signing certificate to sign malware which allows them to distribute it as appearing to be either the Opera browser itself or a program verified by Opera.
“This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser” said Opera’s Sigbjørn Vik
Apparently Opera are working hard to try and fix the problem by introducing a new version of the Opera browser that uses a new code signing certificate. Any users who used Opera between 1:00 and 1:36 UTC on the day of the breach (June 19th) could have had malicious software installed onto their computer automatically without their knowing.
As if Opera wasn’t having a hard enough time already of tempting users over from the “big four” (IE, FireFox, Chrome and Safari) this latest incident is sure to make things even harder for them.
Image courtesy of Opera