The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that’s categorized as a malicious trojan by a major antivirus provider.
Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats. According to a blog post published Friday by a security researcher from Facebook, Nurjax is one such example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia. Combined with the Superfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.
“What all these applications have in common is that they make people less secure through their use of an easily obtained root CA [certificate authority], they provide little information about the risks of the technology, and in some cases they are difficult to remove,” Matt Richard, a threats researcher on the Facebook security team, wrote in Friday’s post. “Furthermore, it is likely that these intercepting SSL proxies won’t keep up with the HTTPS features in browsers (e.g., certificate pinning and forward secrecy), meaning they could potentially expose private data to network attackers. Some of these deficiencies can be detected by antivirus products as malware or adware, though from our research, detection successes are sporadic.”
This software, originally used to inject ads into encrypted (and supposedly secure) web pages, actually makes things less secure and allows a man-in-the-middle to capture all your data, including passwords to things like your bank accounts.
They essentially hacked the security of their own system to allow them to sell ads.
These approaches made the user less secure, and never told the user that this was happening. I expect money changed hands to pre-install the software.
Makes one wonder what other things might be used by these guys to make money at the expense of the security of the user?
Maybe a few good lawsuits will change this. Perhaps the rest of the sociopaths will get the message.