I have had first hand recent experience with this. I bought a new Lenovo laptop at the start of the month.
When I put a new webpage online using my webhost's cPanel to edit the raw HTML everything seemed fine, until a friend asked about a 'best-deals' script running on the page. The Malware / Adware was intercepting & inserting a script not only into pages I was viewing but also pages I was putting online.
Very, very concerning. I have since removed it completely from my system but it's still caused some paranoia. Thankfully it was only a hobby project which was affected & not paid.
They would have to have some sort of software that is able to detect that you are connecting to cpanel and then act on your behalf. That is significantly more involved and more malicious than "just" intercepting html in flight and injecting adds.
If it wasn't intercepted from the cPanel then it may have been intercepted from the HTML file download from JSbin (which I copied into cPanel).
Either way, this was a downloaded HTML file which was then copied into cPanel. I never viewed or edited the file between its download from JSbin & pasting into cPanel.
The Malware was affecting files & not just pages viewed in browser. Nasty stuff.
This is pretty typical behaviour for a proxy, since it has no idea whether the user is viewing the HTML in a browser or just saving it for later use.
I have to bypass my own ad-filtering proxy whenever I download some files, as otherwise it may corrupt them as it attempts to filter out anything it detects as ad-like in the content. Not surprising that this adware would attempt to inject its script into anything it detects as being HTML.
It's much more likely that your web site or server was exploited directly, independent of you owning a Lenovo. This happens frequently; there are sophisticated operations out there scanning for a wide variety of ways into sites and servers. They pay special attention to shared hosting systems, which are not known for their high levels of security.
As soon as he mentioned cPanel that was my assumption. A lot of the control panels are vulnerable in the default install and difficult to secure adequately. Don't get me started on database control panels, I regard phpmyadmin as malware that happens to use uneducated admins as the infection vector.
We can't just dismiss this sort of behavior because you can reformat the computer and "Result: no bloat and no malware". They need to learn that people won't let them get away with this. So no this is unacceptable, I too will never buy nor recommend a Lenovo product in the foreseeable future!
Actually, it would be better to educate the masses they can reformat and install a clean OS, because that is what builds immunity and sends an even clearer message that the additional bloatware they ship is worth nothing.
When I put a new webpage online using my webhost's cPanel to edit the raw HTML everything seemed fine, until a friend asked about a 'best-deals' script running on the page. The Malware / Adware was intercepting & inserting a script not only into pages I was viewing but also pages I was putting online.
Very, very concerning. I have since removed it completely from my system but it's still caused some paranoia. Thankfully it was only a hobby project which was affected & not paid.