Opera Software, maker of the Opera browser, disclosed on Wednesday that its internal network was targeted in a heist in which the attackers made off with at least one certificate that they used to sign malware.
Sigbjorn Vik, who works in quality assurance at Opera Software, said that the hackers did not compromise any data belonging to users, and that the infection has been neutralised. However the culprits did 'obtain at least one old and expired Opera code-signing certificate...which allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser', accoridng to his blog.
Vik said that for a 36-minute period on 19th June, 'a few thousand' Windows users which were running the browser, may have automatically received and installed the malware.
Opera is scheduled to soon release a new version of the browser, which will rely on a new code-signing cert, and recommends that all users upgrade.