Browser maker Opera believes "a few thousand" Windows users may have been tricked into installing a trojan signed with a stolen Opera certificate.
The firm said it "uncovered, halted and contained a targeted attack" on the company's internal network infrastructure on June 19.
Though it played down the breach by claiming there had been "little impact", it did concede that the attackers "were able to obtain at least one old and expired Opera code signing certificate, which they used to sign some malware".
"This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," Opera noted.
"It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC [coordinated universal time] on June 19th, may automatically have received and installed the malicious software."
The Australian eastern standard time (AEST) equivalent would be 11am to 11.36am on June 19.
Opera said to "be on the safe side" it would push out a new version of Opera with a new code signing certificate. It urged users to update as soon as possible.
Security blogger Graham Cluley questioned the company's reporting of the attack.
"You can't help but raise an eyebrow at the spin Opera is valiantly trying to put on the incident, titling their announcement "Security breach stopped"," he said.
"And questions may be asked as to why it took Opera a week after they discovered the security breach before they went public with details."
Opera said it had cleaned its systems and there was "no evidence of any user data being compromised."
"We are working with the relevant authorities to investigate [the attack] source and any potential further extent," the firm said.