China’s Lenovo Group Ltd., the world’s largest PC maker, said on Thursday that it would no longer preinstall software that cybersecurity experts said was malicious and made devices vulnerable to hacking. Lenovo had come under fire from security researchers who said earlier on Thursday that the company had preinstalled viruslike software from a company called Superfish on consumer laptops that hijacked Web connections and allowed them to be spied upon. Users reported as early as last June that a program, also called Superfish, was “adware,” or software that automatically displays advertisements.
This is exactly what bad guys do with Trojans and other malicious software to trick users to access fake sites to surveil/monitor private communications.
Kevin Bocek, cybersecurity company Venafi executive
Lenovo stopped preloading the software on new computers in January, a company spokesman said. Lenovo also promised that it “will not preload this software in the future” and said it disabled the feature on its servers, which essentially kills the program on everyone’s computer. But it’s unclear which laptop models were affected. A Lenovo representative said the company could not immediately answer these questions.