The last several days have been filled with reports of Lenovo shipping malware infected computers capable of intercepting and decrypting HTTPS communications. The malware is called Superfish and it hijacks SSL connections using a man-in-the-middle attack. But it’s not just Lenovo computers that are at risk. Superfish is made by a company called Komodia. The same technology used in Superfish is available in other software applications that Komodia distributes.
- CartCrunch Israel LTD
- WiredTools LTD
- Say Media Group LTD
- Over the Rainbow Tech
- System Alerts
- Objectify Media Inc
- Catalytix Web Services
I think the bigger concern is the actual Lenovo computers and not the applications listed above. Here’s a list of the Lenovo models that may be impacted.
Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 Pro, Flex 10
G410, G510, G710, G40-30, G40-45, G40-70, G40-80, G50-50, G50-45, G50-70, G50-80, G50-80Touch
Lenovo Edge 15
Miix2 – 8, Miix2 – 10, Miix2 – 11, Miix 3 – 1030
S310, S410, S415, S415 Touch, S435, S20-30, S20-30 Touch, S40-70
U330P, U430P, U330 Touch, U430 Touch, U540 Touch
Y430P, Y40-70, Y40-80, Y50-70, Y70-70
Yoga2-11, Yoga2-13, Yoga2Pro-13, Yoga3 Pro
Z40-70, Z40-75, Z50-70, Z50-75, Z70-80
I’m glad to see that our models didn’t make the list. No matter, we still scanned the machines just to make sure. How do you know if your Lenovo machine has Superfish installed? Ars technica has a post to help you deal with the Superfish installation. You can also use Windows Defender and McAfee to remove the malware.