Lenovo has been caught using a technique, often used by some malware to withstand being deleted, to reinstall unwanted software on the computers it sells.
As reported on a number of forums and news-sharing sites, some users have accused the computer maker of overwriting Windows files to ensure its own-brand software and tools were installed -- even after a clean install of the operating system.
The issue was first reported as early as May, but was widely reported Tuesday.
The "rootkit"-style covert installer, dubbed the Lenovo Service Engine (LSE), works by installing an additional program that updates drivers, firmware, and other pre-installed apps. The engine also "sends non-personally identifiable system data to Lenovo servers," according to the company. The engine, which resides in the computer's BIOS, replaces a core Windows system file with its own, allowing files to be downloaded once the device is connected to the internet.
It's not the first time Lenovo has been caught in a privacy-related pickle.
Earlier this year, the computer maker was forced to admit it had installed Superfish adware over a three-month period on new machines sold through retail channels. The adware had the capability to intercept and hijack internet traffic flowing over secure connections, including online stores, banks, among others.
Users were told they should "not use their laptop for any kind of secure transactions until they are able to confirm [the adware] has been removed," security researcher Marc Rogers told ZDNet at the time.
It was thought as many as 16 million consumers and bring-your-own-device users were affected by the preinstalled adware.
Lenovo could not be immediately reached for comment on Wednesday.
How to secure your computer and online accounts in 10 simple steps