PC maker Lenovo has been accused of shipping PCs and laptops with malware pre-installed that could leave users wide open to hackers.
The malware has been identified as “Superfish” and injects third-party adverts into web browsers from unidentified sources. It works by installing a “man in the middle” digital certificate in order to intercept information while the user browses. It also slows people’s computers down, interferes with their web browsing and causes sites not to render properly.
The man-in-the-middle interception could also compromise people’s security when they buy goods online and conduct online banking.
Lenovo has admitted to installing the malware on new machines, but claims that it has stopped doing so, temporarily, until the creators of Superfish fix the security issue. That, however, is unlikely to satisfy buyers.
In a support-forum posting, Lenovo admitted the issue: “Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.”
According to reports, the malware seems to have been bundled with Lenovo PCs for some time. In a post on Reddit in October 2014, the user of a brand-new Lenovo Y50 running Windows 8.1 calls for help:
“So I just received my brand new Lenovo Y50 running Windows 8.1 and within two hours I started getting pop-ups and redirects. The only things I had done were remove some bloat-ware, install Chrome and Steam. The laptop came with a crappy version of McAfee so just for the hell of it I ran a scan and it didn’t find anything. I then disabled McAfee and ran a Windows Defender scan which came up with nothing as well. I’ve ensured my pop up blocker on Chrome is active,” writes the user, Williamod84.
He continues: “Other symptoms include certain words and phrases on a web page linked with red and double underlined. If I hover over it an ad pops up for something related to said word or phrase. Often if I click on an empty space on a page a new tab will open to an ad.”
In an update, the user says that he ran a Malwarebytes scan and found 77 threats on his brand new Lenovo, which the Malwarebytes software dealt with – but even that didn’t solve the problem.
“I quarantined them and restarted the computer. When it booted back up and I open Chrome I am having proxy server issues. When I go to change the proxy settings I choose ‘automatically detect settings’ and deselect ‘Use a proxy server for your LAN’ and click OK. But it immediately switches back after I close the window.”
Reddit readers noted back then that new Lenovo computers came with something called “Lenovo Browser Guard”, which they described as “spamware”. The user was advised to reset their Windows installation.
Back in 2008, it was reported that Lenovo was shipping malware in packaged software to Windows XP users. Microsoft identified it as Win32/Meredrop, Trojan horse software that is used to install and execute malicious executables on a targeted computer.
Lenovo’s PC business ballooned in size when it acquired IBM’s PC business in 2005. It went back to IBM to purchase its low-end x86 server business in 2014, and also recently acquired the smartphone business of Motorola, after Google passed it on following a steep decline in sales.