X
Tech
Home Tech Security

Malware found in Lenovo software package

Computer maker Lenovo is shipping a malware-infected software package to Windows XP users, according to warning from anti-virus researchers at Microsoft.The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer.
Written by Ryan Naraine, Contributor
Computer maker Lenovo is shipping a malware-infected software package to Windows XP users, according to warning from anti-virus researchers at Microsoft.

The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on an infected computer. Other anti-virus vendors are detecting the threat as a 'hooligan' virus or a porn dialer. It was found the Lenovo Trust Key software for Windows XP, a digitally signed driver package available to Windows XP SP2 users.

The infected software is used to install the Lenovo Security Logon and the Lenovo Private folder applications for use with the Lenovo Trust Key (also known as Lenovo Insider Key).

[ SEE: Malware-infected USB drives distributed at security conference ] My sources tell me the Lenovo package contains lots of files, including the one with the embedded malware.  At first glance, the malicious file contains functional, but buggy code and attemps to infect files, spread across the network and USB drives.

Lenovo has been notified and is investigating the issue.

UPDATE: Lenovo has removed the compromised download from its Web site.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close