Superfish was an advertising company that developed various advertising-supported software products based on a visual search engine. The company was based in Palo Alto, California. It was founded in Israel in 2006 and has been regarded as part of the country's "Download Valley" cluster of adware companies. Superfish's software is malware and adware. The software was bundled with various applications as early as 2010, and Lenovo began to bundle the software with some of its computers in September 2014. On February 20, 2015, the United States Department of Homeland Security advised uninstalling it and its associated root certificate, because they make computers vulnerable to serious cyberattacks, including interception of passwords and sensitive data being transmitted through browsers.

Superfish was founded in 2006 by Adi Pinhas and Michael Chertok. Pinhas is a graduate of Tel Aviv University. In 1999, he co-founded Vigilant Technology, which "invented digital video recording for the surveillance market", according to his LinkedIn profile.^{[better source needed]} Before that, he worked at Verint, an intelligence company that analyzed telephone signals and had allegedly tapped Verizon communication lines. Chertok is a graduate of Technion and Bar-Ilan University with 10 years of experience in "large scale real-time data mining systems".

Since its founding, Superfish has used a team of "a dozen or so PhDs" primarily to develop algorithms for the comparison and matching of images. It released its first product, WindowShopper, in 2011. WindowShopper immediately prompted a large number of complaints on Internet message boards, from users who did not know how the software had been installed on their machines.

Superfish initially received funding from Draper Fisher Jurvetson, and to date has raised over $20 million, mostly from DFJ and Vintage Investment Partners. Forbes listed the company as number 64 on their list of America's most promising companies.

Pinhas in 2014 stated that "Visual search is not here to replace the keyboard ... visual search is for the cases in which I have no words to describe what I see."

As of 2014, Superfish products had over 80 million users.

In May 2015, following the Lenovo security incident (see below) and to distance itself from the fallout, the team behind Superfish changed its name and moved its activities to JustVisual.com.

Users had expressed concerns about scans of SSL-encrypted web traffic by Superfish Visual Search software pre-installed on Lenovo machines since at least early December 2014.^{[citation needed]} This became a major public issue, however, only in February 2015. The installation included a universal self-signed digital certificate issued by certificate authority; the certificate authority allows a man-in-the-middle attack to introduce ads even on encrypted pages. The digital certificate had the same private key across laptops; this allowed third-party eavesdroppers to intercept or modify HTTPS secure communications without triggering browser warnings by either extracting the private key or using a self-signed certificate. On February 20, 2015, Microsoft released an update for Windows Defender which removes Superfish. In an article in Slate tech writer David Auerbach compares the incident to the Sony DRM rootkit scandal and says of Lenovo's actions, "installing Superfish is one of the most irresponsible mistakes an established tech company has ever made." On February 24, 2015, Heise Security published an article revealing that the certificate in question would also be spread by a number of applications from other companies including SAY Media and Lavasoft's Ad-Aware Web Companion.