Find out if it's time to ditch Opera in favor of other web browsers

Jun 28, 2013 08:17 GMT  ·  By
Experts have analyzed the malware signed with the certificate stolen from Opera
   Experts have analyzed the malware signed with the certificate stolen from Opera

On Thursday, we learned that cybercriminals had managed to breach Opera’s systems and steal an expired code signing certificate which they used to sign a piece of malware.

According to the company, thousands of Opera users might have installed the malware onto their systems.

According to experts from Trend Micro, the malware in question (TSPY_FAREIT.ACU) poses as an Opera update.

Once installed on a computer, the threat is capable of stealing information from certain FTP clients and file managers, including usernames, passwords, and server names. The malware is also designed to steal data stored in web browsers.

“These data are typically login credentials for as social networking, banking, and e-commerce websites etc. Using these information, the people behind the malware can get hold of your various online accounts or even initiate unauthorized transactions. They can also profit from these stolen data by selling these to the underground market,” Trend Micro experts noted.

Avira experts have also analyzed the malware and found that it’s designed to target Opera, Thunderbird, Chrome, Firefox, Total Commander, Far, Filezilla, The Bat!, CuteFTP, and other similar applications.

Besides stealing information, the threat is also capable of downloading additional malware from a URL which still appears to be live. The URL in question has been found to store police ransomware, an information-stealing Trojan, and a backdoor.

Avira advises Windows users who utilized Opera between 1:00 and 1:36 UTC on June 19 to uninstall the web browser and scan their computers with an up-to-date antivirus solution.

After all threats are removed, the browser can be reinstalled.

We’ve asked Avira Security Expert and Product Manager Sorin Mustaca if Opera users should start considering other browsers following this incident.

“I can't so easily say that Opera is less safe than other browsers based on only this incident, but I definitely can say that their security processes should be improved,” Mustaca said in a mailed statement.

“For example, if a certificate is expired, why did it continue to reside on their infrastructure. The first thing to do in such cases is to revoke it so that nobody can reuse it. I don't know if they do this, but it is in general a good practice to scan with at least an antivirus product all the products before releasing them to the customers,” he added.

“Also, looking on the list of known past vulnerabilities of Opera, I can say that they had plenty of critical bugs that can affect the security of the user. But, compared to the other browsers, Firefox, IE and Chrome, I can't say that Opera is much more vulnerable than the others.”