News

Same Tech Used in Lenovo Superfish Software found in Twelve Other Apps

The SSL-busting technology recently discovered to be pre-installed on Lenovo laptops has been found as part of another 12 pieces of software, including Trojan malware. The HTTPS-bypassing code, developed by Israeli company Komodia, was a part of the now-infamous Superfish software found on-board Lenovo laptops.

Matt Richard, threat researcher for the Facebook security team, revealed the extent of the code’s reach in a post on Friday, writing, “What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove.”

He continued,  “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”

Even the developer Komodia calls one of its SDKs an “SSL hijacker”, so it’s no surprise that the code has found its way into malicious software. The malware, Trojan.Nurjax, was first discovered back in December. According to Symantec, the malware “hijacks the Web browser on the compromised computer and may download additional threats.”

Lenovo has apologised for inflicting the HTTPS-breaking code upon is customers and has released a program to aid removal of the Superfish software.

Source: Ars Technica

Ashley Allen

Disqus Comments Loading...

Recent Posts

God of War Ragnarok Art Dir. Joins Naughty Dog to Work on Neil Druckmann’s New Game

Rafael "Raf" Grassetti, a highly respected and accomplished artist in the video game industry, is…

13 hours ago

Path of Exile 2 is Already One of the 15 Most Played Games Ever on Steam

There’s no doubt about the incredible success of Path of Exile 2’s launch, which has…

13 hours ago

New Borderlands 4 Trailer to be Shown at The Game Awards 2024

The official Twitter account for the Borderlands series has confirmed that Borderlands 4 will debut…

14 hours ago

The Raspberry Pi 500 and Raspberry Pi Monitor Goes On Sale

Raspberry Pi enthusiasts rejoice! The much-anticipated Raspberry Pi 500, a powerful new computer built into…

18 hours ago

Intel Arc B580 Vulkan and OpenCL Results Leak, Showing Similar Performance to RTX 4060

We are just days away from seeing Intel’s new Arc B series graphics cards in…

18 hours ago

ViewSonic Preparing 27-inch 520Hz OLED Monitor for CES 2025

ViewSonic is set to unveil a groundbreaking 27-inch OLED monitor at the upcoming CES, featuring…

19 hours ago