Dear Friend of Maxthon,
This note is an update on Superfish, how it works, its relationship to Maxthon browsers and what we are doing to mitigate any issues related to it. Our engineering team has spent a good bit of time examining Superifsh and how it interacts with Maxthon.
Here is what we learned.
Superfish is malvertising software that Lenovo pro-actively pre-installed on several consumer PC product lines in 2013 and 2014. Its purpose is to control part of your web browsing and serve you advertising. It is designed to intercept all encrypted connections, things it shouldn’t be able to see. Superfish accomplishes this in an insecure way that leaves the system open to hackers or NSA-style spies. For example, it can spy on your private bank connections.
Even if you don’t have a Lenovo consumer PC your PC might have this vulnerability because Komodia sold this technology to other malware companies including:
- Atom Security
- Komodia (KeepMyFamilySecure)
- Kurupira (Webfilter)
- Lavasoft (Ad-Aware Web Companion)
- Qustodia and Websecure LTD (Easy Hide IP Classic)
Now, Only the traffic from the browser to the SuperFish internal proxy uses the website’s certificate. The traffic on the Internet still uses the normal website’s certificate, so we can’t tell if a machine is infected by SuperFish by looking at this traffic.
And this is where Maxthon enters the picture.
We are working on a fix for it as we speak and will update all affected browsers via a required browser update when complete.
In the meantime, if you have not already, please take a couple of minutes to test your Windows PC for the presence of Superfish. Use the link for a simple and fast test.
If you do determine you have Superfish, you will need to both uninstall the .exe AND manually remove the bogus CA certificate. This link will show you how remove it completely.
Thank-you for your continued support of Maxthon. We’ll keep you informed of any changes.
Leave a Reply