Users who purchased a Lenovo PC between September 2014 and January 2015 got an extra special surprise in the form of adware that left them wide open to malicious attacks. After two and a half years of legal wrangling, the Federal Trade Commission settled its lawsuit against the company, and it’s hard to imagine that executives learned their lesson.

On Monday, the FTC announced that Lenovo will have to inform its customers of all the software that comes pre-loaded on its products and receive the user’s consent. The company will also be subject to 20 years of audited security checks. 

One more piece of malware adware has been thrust into the spotlight, one that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed on new Lenovo laptops manufactured at the tail end of 2014.

Experts reported that malvertising installs its own certificate and breaks SSL connections by creating a man-in-the-middle vulnerability that can be exploited by anyone to sniff traffic. Superfish makes Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. However, a new malware adware doesn’t contain the exact vulnerability as Superfish, it likely presents a bigger mess for users.

Lenovo, the largest PC manufacturer in world, admitted to pre-loading the Superfish adware on some consumer PCs. Lenovo has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory.

Unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. The lawsuit was filed after Lenovo admitted to pre-loading Superfish.

Lenovo, the largest PC manufacturer in world, has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory.

The software purports to offer users a “visual search” experience. In actual fact, it injects third-party advertisements into Google search results and websites, without asking the user. In order to place adverts on websites served to the user over an encrypted connection, as Google does by default, Lenovo owners report that Superfish software also breaks social security used by every computer to access the internet privately.