Researchers have Found Keylogger in HP Audio Driver

Posted on May 12, 2017 at 4:52 PM

Researchers have Found Keylogger in HP Audio Driver

It’s strongly suggested that everyone who owns and uses HP computer should check if they have C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe installed.

If you do find one of these executables, then you have an active keylogger that’s able to record every key press, and you need to rename it immediately. Most of the time, when someone discovers a new keylogger and reports it publicly, it turns out to be a malicious spyware. Everyone affected then respond to the threat, and it’s usually dealt with. This time, however, a keylogger was found on HP computers, and it turned out not to be malicious. The result is that the company isn’t doing anything to deal with it, at least for now.

The party responsible for discovering this keylogger is the security company modzero AG, and they found it in an audio driver that was installed on an HP system. They immediately contacted HP and told the company about the keylogger’s existence. However, HP Enterprise decided that they won’t take responsibility as long as HP Inc. and Conexant Systems Inc. are ignoring the issue. This is what brought modzero’s decision to go public with this information.

Selling systems that have an active keylogger installed on them can only happen for malicious reasons. However, it’s more likely that the developers’ negligence is the reason for this situation.

The infected software is a part of HP’s driver package, and its audio chips were created by the company called Conexant Systems.

This company’s circuits have appeared on many sound cards, for which they also provide drivers. In this particular case, some of the special key presses are supposed to turn on and off several functions, like the microphone, or recording LED.

However, the problem occurred when modzero discovered that the software that was supposed to only recognize these special key presses actually records and stores every one of them. All of the recorded key presses are stored in a plain text file found at:

C:\Users\Public\MicTray.log. Anyone with access to the computer itself was access to this file.

Even though this log gets overwritten every time the user logs back into the computer, it still logs everything that’s pressed during one use, including all of the entered passwords.

Many have agreed that logging all of the key presses just for the purpose of detecting the special ones is ridiculous and that there must be a better way to deal with this. As we mentioned at the beginning of this text, you can stop this logging by renaming the mentioned executable files. However, if you do it, the special key functionality will stop working completely as well. It’s suggested that Conexant and HP should deal with this problem as soon as possible.


Share this:

Related Stories:

Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Mar 23, 2023
Top Cybersecurity Threats to Look Out for in 2023 and How to Stay Protected
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading