Opera certificate malware posed as an update

By on
Opera certificate malware posed as an update

Stole logins.

An attack against Opera last week which saw a malware signed as a certificate posed as an Opera update.

The malware bore the outdated Opera certificate and once executed stole crucial information from FTP clients or file managers including user names, passwords and server names, according to Trend Micro which detected the malware as TSPY_FAREIT.ACU.

Trend Micro said the malware gathered more information from browsers and collected login data to access accounts or even initiate unauthorised transactions.

“They can also profit from these stolen data by selling these to the underground market,” it said.

Opera estimates that several thousands of Windows users are affected as a result of their installed Opera software automatically installing the said malware bearing the outdated certificate. To address this issue, Opera has promised to release a new version of its browser.

It said that the attack last week was achieved after attackers accessed and stole at least one certificate that they used to sign malware.

Opera Software quality assurance Sigbjorn Vik said that the hackers did not compromise any data belonging to users, and that the infection has been neutralised.

Vik also claimed that the certificate was "old and expired", and that for a 36-minute period on 19th June, "a few thousand" Windows users who were running the browser, may have automatically received and installed the malware.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition

Most Read Articles

Log In

  |  Forgot your password?