Google: 5 Million Users Affected with Lenovo's Superfish Adware

Lenovo Superfish adware affecting 5M users according to Google Research

There are 5 million Google users who are affected by the adware from Lenovo laptops, the Internet search engine has revealed.

A few months ago, Lenovo has confirmed that an adware-called the "Superfish," is installed in some of its notebooks. The Chinese laptop and smartphone manufacturer has even released instructions on how users can completely remove the intrusive adware.

However, according to a recent research led by Google and UC Berkeley, there are still computers infected by the malicious adware, and they are strong in numbers, which is five million.

"Our results reveal that ad injection has entrenched itself as a cross-browser monetization platform that impacts tens of millions of users around the globe. Our client-side telemetry finds that 5.5% of unique daily IP addresses visiting Google properties have at least one ad injector installed. The most popular, superfish.com, injects ads into more than 16,000 websites and grossed over $35 million in 2013 according to financial reports," the researchers revealed.

The study was performed from June 2014 to October 2014 on computers that visited Google, and checked whether ads "were being injected locally." While five million is a great number, this might still be underestimated as malwares typically avoid popular sites such as Google to avoid getting detected.

While Superfish is the most popular among all other adware, there were shopping programs that were discovered as well. Netcrawl, Jollywallet, and Crossrider are websites operate as legitimate businesses, but inject bogus ads on unsuspecting users.

What is an ad injector?

"We broadly refer to ad injectors as any binary, extension, or network ISP that modifies a page's content to insert or replace advertisements, irrespective of user consent. This definition notably excludes programs that remove advertisements (e.g.,ad block software). Ad injectors can negatively impact a user's browsing experience, security, and privacy," the study explains.

Lenovo, however, did not find any breach of security with the pre-installation of Superfish, and has dismissed concerns brought about by the issue. According to a Lenovo spokesperson, they have already thoroughly investigated the technology, and did not find any reason for it to compromise user security.