by dogma1138 3939 days ago
While SuperFish was a security risk, it wasn't "malware"; there is a difference between various really stupid and blatant backdoors and other security risks, and actual malware.

Lenovo didn't use it to steal users' data; they could care less about it. But someone could abuse it to compromise users, both through compromising SuperFish itself and by exploiting the fact that SuperFish will issue certificates to SSL websites even if the original certificate isn't really valid, which will allow attackers to MITM SSL connections.

Sony also had distributed software that could be classified as backdoors or rootkits in its CDs as DRM; many other companies also had similar incidents.

While it's a stupid practice and quite unfair to your customers, you can't really call it malicious since they didn't really use it for that; they just never thought it quite through or didn't care enough in the first place.

The packages in this case seem to be actual malware and not some adware/unwanted software installed by the vendors which, while it might be a security risk, wasn't intended to actually compromise the user.