The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission.

New Lenovo computers install dangerous malware that could allow hackers to spy on users

‘Superfish’ adware puts ads onto websites without users’ permission, and could leave the computer vulnerable

Andrew Griffin
Thursday 19 February 2015 09:52

New Lenovo computers came shipped with software that forced ads onto the users and could have left them vulnerable to hacking.

The adware, known as “Superfish”, was made to push new third-party results into internet browsers — similar to the ads seen on sites like Google, but extra and coming from a source that wasn’t immediately identified. The adware meant that some sites wouldn’t render properly and worked slowly, as well as showing the unwanted results.

But as well as installing ads, the way the software works could allow hackers to look in on users’ internet browsing. Facebook engineer Mike Shaver noticed that Superfish installs a “man in the middle” certificate, which allows companies to intercept information as it is passed between a users’ computer and a website.

Superfish is seen by antivirus software as a virus, and they recommend uninstalling it.

The software appears to have been shipped with Lenovo computers since mid-2014.

The only way to be sure that new Lenovo laptops aren’t carrying the adware is to entirely delete windows and re-install it. But given that the software works secretly, most will be unaware it is running, and a clean install of Windows is a complicated and technical process that many consumer users might be unaware of.

But some users have posted more simple ways of removing the software online.

Lenovo has admitted that the software was being installed on new machines, but said that it has now “temporarily removed” it from new products. The software will stay off new computers “until such time as Superfish is able to provide a software build that addresses these issues”, Lenovo said.

"Lenovo removed Superfish from the preloads of new consumer systems in January 2015," a Lenovo spokesperson told The Independent. "At the same time Superfish disabled existing Lenovo machines in market from activating Superfish.

"Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."

For users that have already had the computers, Lenovo asks Superfish to release an update that would address some of the problems users were having.

In a forum post explaining the software, Lenovo said that Superfish “is a technology that helps users find and discover products visually”.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in