Lenovo, the world’s largest PC manufacturer by volume, has apologised to customers after the US Department of Homeland Security warned computers from the company were preloaded with malware that intercepts encrypted data.
The preinstalled malware, known as Superfish, intercepts and decrypts secured HTTPS connections, which are used to send sensitive information such as bank login details over the internet, and uses that information to spam users with ads. That information is then re-encrypted, meaning the end user does not receive a browser warning about the attack.
The malicious software targets traffic across all popular web browsers, including Microsoft Internet Explorer, Google Chrome, Mozilla Firefox and Opera. According to US Homeland Security, IT professionals can identify an infected machine by looking for HTTP GET requests to superfish.aistcdn.com.
In an official statement on its website, Lenovo says third-party software containing the malware was preinstalled in some of its consumer notebooks between September 2014 and February 2015. It said Lenovo desktop PCs, tablets, Motorola-branded smartphones, ThinkPad devices, servers and enterprise storage products are not affected.
“The goal [in installing Superfish] was to improve the [users’] shopping experience… We acted swiftly and decisively once these concerns began to be raised. We apologise for causing any concern to any users for any reason – and we are always trying to learn from experience and improve what we do and how we do it,” Lenovo said in the statement.
The company has also posted an automatic removal tool on its support website that can remove Superfish from infected computers.