SSL-busting code that threatened Lenovo users found in a dozen more apps

 February 22, 2015

The list of software known to use the same HTTPS-breaking technology recently found preinstalled on Lenovo laptops has risen dramatically with the discovery of at least 12 new titles, including one that’s categorized as a malicious trojan by a major antivirus provider.

Trojan.Nurjax, a malicious program Symantec discovered in December, hijacks the Web browsers of compromised computers and may download additional threats. According to a blog post published Friday by a security researcher from Facebook, Nurjax is one such example of newly found software that incorporates HTTPS-defeating code from an Israeli company called Komodia. Combined with theSuperfish ad-injecting software preinstalled on some Lenovo computers and three additional applications that came to light shortly after that revelation, there are now 14 known apps that use Komodia technology.

 

Read full story…