Posted March 5, 2015
Superfish Adware Acting as “Man-In-The-Browser” Business and Banking Malware Is Outlined in the Latest ThreatMetrix Labs Report
Not familiar with Superfish? Ask any buyer of a Lenovo laptop purchased between October and December 2014 whose computer came preinstalled with the adware. But don’t think you’re going to hear kudos.
“Superfish Adware – A Closer Look”
Komodia’s library vulnerable
The report also covers the issues that arise when Superfish and other adware tools that use Komodia’s library for ad injection install a Certificate Authority (CA) into users’ browsers. Because that CA is protected only by weak, easily obtained passwords, it’s no trouble at all for cybercriminals to create fake, legitimate-looking website certificates.
Andreas Baumhof, ThreatMetrix’s CTO, on the increasing adware threat
“Data from the ThreatMetrix Global Trust Intelligence Network shows that the Superfish Adware has been an increasing threat since October 2014. While this isn’t a new threat, its recent exposure has left many businesses and consumers questioning what they should know about its threats and how to protect against it. Since it has been around for some time and ThreatMetrix has long had capabilities to detect these kinds of threats, we provide technical details surrounding Superfish and its implications.”
ThreatMetrix’s honeypot detects malware strains
ThreatMetrix provides a malware detection service (a “honeypot”) that allows its customers to detect the presence of malware strains like Superfish in real time without any interference in their customers’ journeys. This information is fully integrated into the analysis by the ThreatMetrix® Global Trust Intelligence Network (The Network).
Notes Baumhof about the honeypot
“Whenever a strain of malware like Superfish grows this rapidly, online businesses and banks struggle to protect their customers against its threats – such as compromised sensitive information – without adding friction to the user experience. ThreatMetrix’s honeypot detection techniques help businesses detect unauthorized webpage modification within a user’s browser as part of the user’s full risk assessment, all without any added steps to the customer journey.”
Authenticating customers in real-time
ThreatMetrix authenticates customer transactions using real-time identity and access analytics that leverage the power of the world’s largest shared intelligence network. The ThreatMetrix solution already protects leading online businesses and financial institutions against account takeover, payment fraud, and fraudulent account registrations as a result of stolen credentials obtained from malware, social engineering, phishing and data breaches.
The public ThreatMetrix Labs report can be downloaded here.