Friday, 28 June 2013

Hackers use Opera to sneak spyware onto thousands of Windows machines

Hackers have infected thousands of Windows machines with spyware using a stolen Opera digital signing certificate.
Opera's Sigbjørn Vik confirmed the web browser company had lost at least one digital signing certificate during a recent network breach, warning the crooks are using it to mount a defence-dodging spyware campaign on Windows users.
"The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser," wrote Vik.
"It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate."
Vik called for Opera users to update to the latest browser to avoid falling victim to the attack. "Users are strongly urged to update to the latest version of Opera as soon as it is available, keep all computer software up to date, and to use a reputable antivirus product on their computer," wrote Vik.
Trend Micro security researcher Alvin Bacani reiterated Vik's sentiment, warning the TSPY_FAREIT.ACU malware used in the attack has several advanced spying powers. "Once executed, TSPY_FAREIT.ACU steals crucial information from certain FTP clients or file managers including usernames, passwords and server names. Aside from FTP clients, TSPY_FAREIT.ACU gathers more information from internet browsers," wrote Trend's Bacani.
"The data is typically login credentials for social networking, banking and ecommerce websites. Using the information, the people behind the malware can get hold of your various online accounts or even initiate unauthorised transactions. They can also profit from the stolen data by selling it to the underground market."
The malware is one of many to use legitimate certificates to bypass traditional defence systems. Last year the tactic was used by the infamous Flame malware, which used a spoofed Microsoft update certificate to bypass its victims' defences.
