Categories: MalwareSecurity news

Superfish VisualDiscover : Lenovo PCs come with pre-installed adware and MITM proxy

What You Need to Know About Superfish, The man-in-the-middle Adware Installed on Lenovo PCs

The Lenovo PCs apparently come with pre-installed adware that uses Man-in-the-middle method to inject any ad into any page however trusted and secure.

This was noticed by Lenovo users and posted on Lenovo forums. Another researcher and Lenovo user Marc Rogers has also published a detailed analysis on his blog.

He states that,

A pretty shocking thing came to light this evening – Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE.


The adware which is called Superfish Visual Discovery software also uses MITM SSL certificates which is only possible by installing a self signed certificate from designated authority, which is Lenovo in this case.

Another user, Kenny White tweeted :

Thus Lenovo is fraudulently using malware to intercept secure connections and collect the unencrypted data, as a poster on the Lenovo forums showed. However Lenovo tends to disagree.  A Lenovo administrator took to the forum to explain what Superfish does:

“To be clear, Superfish comes with Lenovo consumer products only and is a technology that helps users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers that may have lower prices, helping users search for images without knowing exactly what an item is called or how to describe it in a typical text-based search engine,” he said.

“Superfish technology is purely based on contextual/image and not behavioral. It does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has option not to accept these terms, i.e., Superfish is then disabled.”

The Superfish VisualDiscovery features which are harmful and irksome are given below :

  • Hijacks legitimate connections.
  • Monitors user activity.
  • Collects personal information and uploads it to it’s servers
  • Injects advertising in legitimate pages.
  • Displays popups with advertising software
  • Uses man-in-the-middle attack techniques to crack open secure connections.
  • Presents users with its own fake certificate instead of the legitimate site’s certificate.

The Lenovo admin have stated that they have temporarily removed Superfish from their customers PC’s till the issue raised in the forum and by cyber security experts is address. For the PCs already sold or being held as inventory by the stores, Lenovo said that, “As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”

The Superfish malware issue shows that how major tech companies use their monopolies in the market to victimize users with unwanted and dangerous strategies.


Recent Posts

  • Laws and Legalities
  • News

Cloudflare requested to expose Showbox, YTS and Popcorn Time site operators

Movie studios obtain subpoena that orders Cloudflare to expose piracy site operators including Showbox, YTS and Popcorn Time site A group…

11 hours ago
  • Laws and Legalities
  • Security news

Mirai botnet masterminds helping FBI to avoid jail time

Mirai botnet creators avoid prison time by assisting FBI as part of their sentencing Remember the three young hackers who…

12 hours ago
  • leak
  • News

Winamp’s new beta version 5.8 leaks online

Winamp 5.8 beta leak surfaces on the web A beta version of the upcoming Winamp 5.8 has been leaked online…

1 day ago
  • Security news
  • Technology

Developer of Terrarium TV says he could hand over user info to authorities

Details of Terrarium TV users could be handed to authorities, developer says Terrarium TV had recently announced that it would be…

2 days ago
  • Explanatory
  • Gaming

How To Add Bots To Discord Server; Working-2018

Discord is possibly the best cross-platform voice and text chat service for gamers. Well, adding bots to discord server makes…

2 days ago
  • Apple
  • Security news

iOS web attack crashes, causes iPhones or iPads to restart

This new CSS-based web attack can crash and restart iPhones or iPads and can cause a Mac computer to freeze…

3 days ago