Over a thousand Windows users were infected with password-stealing malware after hackers stole a software-signing certificate from Opera and used it to write malicious code.
Users affected by the cyber-attack automatically installed the Trojan, which posed as coming from Operaâ€™s legitimate software. In the last week, following the attack, Bitdefender detected the malware mostly in the US.
â€œThe current evidence suggests a limited impact,â€ SigbjÃ¸rn Vik, an Opera developer and quality assurance engineer, said in a blog post. â€œThe attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser.â€
The software company identified and halted the targeted attack on June 19. It also published a link to VirusTotal, where more than half of the antivirus solutions detected the malware at the time of writing.
Opera also announced itâ€™s working with authorities to investigate the source of the cyber-attack and any potential extent of the breach.