Lenovo will be feeling green around the gills following reports of fishy activity taking place on its consumer laptops.
According to posts by users on the company's forum, adware called Superfish has been caught hijacking browsers to inject third-party ads on Google searches and websites without permission.
It apparently does so using self-signed certificates to fool browsers into displaying them. One forum user claimed that the program had intercepted a web connection to their bank, potentially allowing Superfish to collect data without question.
Another, who pledged to return his lurgy-riggen laptop after discovering the adware, described it as, "A blatant man-in-the-middle attack breaking any privacy laws."
In reply to the growing number of posts from disgruntled users, Lenovo administrator Mark Hopkins replied in a separate thread to confirm that Lenovo has removed Superfish from its consumer laptops. The company has also requested that the developer issues a patch to plug the security snafu.
He wrote: "Due to some issues (browser pop up behavior for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.
"As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues."
It's unknown how many Lenovo laptops containing the software are still on the market. In a statement to TechRadar, Lenovo confirmed that it is still investigating cases related to Superfish.
It said: "Lenovo removed Superfish from the preloads of new consumer systems in January 2015. At the same time Superfish disabled existing Lenovo machines in market from activating Superfish. Superfish was preloaded onto a select number of consumer models only. Lenovo is thoroughly investigating all and any new concerns raised regarding Superfish."