Lenovo has become one of the most popular PC manufacturers in recent years due mostly to competitive pricing and an assortment of products catering to every customer need. Unfortunately, security experts have recently uncovered that Lenovo is also shipping these popular computers with invasive marketing software that borders on malware. This malware could easily open up doors for cybercriminals and hackers – let alone the fact that Lenovo doesn’t seem to have a problem spying on its very own customers to make a few extra bucks. This software, known as Superfish Malware, is designed to analyze users’ Internet habits and inject third-party advertising in popular web browsers including Google Chrome and Internet Explorer with the PC user’s permission. Superfish Malware has been on all new consumer-grade Lenovo laptops sold prior to January 2015. The malware is immediately activated when the machine is turned on for first-use and Lenovo customers are using the malware without knowing the dangers inherent to malware like Superfish.
What makes this malware especially dangerous is that it mimics a “Man in the Middle” (MitM) attack. In other words, the software impersonates the security certificates of encrypted websites in an effort to monitor users’ behavior even when navigating websites protected by SSL encryption. The problem with a MitM attack of any type if that it opens the door for hackers to compromise the sensitive information of any customer using Superfish – whether knowingly or unknowingly.
Passwords, banking details, and other personal information can easily be intercepted by cybercriminals because the information isn’t actually protected by the SSL certificate the session purports to be operating within.
Essentially, all a hacker would need to bypass the PCs built-in web encryption is the password that unlocks the single password-protected certificate authority. Robert David Graham, a security researcher for Errata Security, cracked and published this password which he was easily able to locate with the Superfish malware’s active memory. Any hacker or cybercriminal could do the same thing and begin intercepting the transmissions from any victim using a Lenovo PC with Superfish installed. In response to news of this dangerous security breach, Lenovo has since removed Superfish from new PCs. In an official statement, Lenovo said “"We have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.
As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues." Regardless of how Lenovo attempts to spin this software as a way to enhance the user experience, security experts agree that the Superfish malware is a blatant man-in-the-middle attack not unlike similar attacks performed by hackers in coffee shops and other public Wi-Fi hotspots around the world.
If you currently use a Lenovo PC manufactured before January 2015, it is recommended that you remove this malware from your system as soon as possible.
This can be accomplished by opening the Microsoft Management Console (mmc.exe) and following the steps below:
1. Click File and Click Add/Remove
2. Choose Certificates and Click Add
3. Choose Computer Account and Click Next
4. Choose Local Computer and Click Finish
5. Click OK
6. Go to Trusted Root Certification Authorities Certificates
7. Locate the certificate issued to Superfish and delete it
It is this simple to remove this potentially dangerous piece of malware permanently and it is recommended that all Lenovo PC users disable Superfish as soon as possible.