Lenovo’s startpage served Teslacrypt ransomware

Lenovo’s startpage served malicious code that tried to infect visitors with ransomware. The affected page is startpage.lenovo.com which contains news, weather information and games. According to the Finnish security company F-Secure the page served malware last Sunday, the 13th of March.

myce-lenovo-startpage

Users were silently redirected to an Angler exploit kit that tried to infect users with Teslacrypt ransomware by exploiting known vulnerabilities in Adobe Flash, Internet Explorer and Silverlight. Visitors to the site with unpatched versions of those applications could be infected with the Teslacrypt ransomware which encrypts files and then demands ransom to decrypt them.

It’s not the first time Lenovo is in the news for malware, the company was caught installing rootkits, it’s update tool contained a serious backdoor and some laptops were shipped with pre-installed advertisement injecting adware