HP; Beware there is a keylogger installed

Security company modzero AG from Switzerland reports that some HP devices have one installed που υπάρχει στα drivers .

The keylogger is built into the (οδηγό) καταγράφει όλες τις πληκτρολογήσεις που κάνουν οι χρήστες του συστήματος και τις αποθηκεύει σε ένα log which it calls MicTray.log and stores it in the path:

C:\Users\\

Note that the log is saved in the public folder and not in that user's folder.

The publication of the security company naturally raises several questions. First, why need a keylogger in the audio driver and, second, how do we make sure it does not run on HP devices.keylogger

The first thing to know is that only HP devices seem to be affected by the company's discovery. modzero AG reports that the HP EliteBook, HP ProBook, HP Elite and HP ZBook with Windows 7 and Windows 10 operating systems are affected. You can see the full list of affected devices at which exists at the end of the post.

The security company reports that if t some HP (Hewlett-Packard) device you should check if the files exist

C: \ Windows \ System32 \ MicTray64.exe

and

C: \ Windows \ System32 \ MicTray.exe

If there are, you need to delete or rename them to stop the keylogger.

In addition, you should check for the existence of the file

C: \ Users \ Public \ MicTray.log

If it exists, delete it.

All your keystrokes are recorded in this text file, and may contain sensitive information such as authentication data, credit card numbers, personal chat messages, and / or emails. Note, however, that this file is replaced after each link.

This may be backed up, file history, or other services that make copies of the file and may have stored earlier versions of the file. So you should be sure to delete these files to avoid leaks.

The executable MicTray file (in the 64 or 32-bit variant) is installed with the Conexant audio driver. The program is scheduled to run immediately after the user enters, and so it begins to immediately record its keystrokes.

Its main function is to provide functionality between the device keys and certain audio driver features, such as mute the microphone.

Modzero AG reports on keylogging:

Key tracking is added by applying a low-level keyboard input hook function that is installed and calls SetwindowsHookEx ().

You will probably wonder why the keylogger was added to the driver. Modzero AG states:

In fact, the purpose of the software is to recognize if a special key has been pressed or released. But the developer has introduced various diagnostics and debug to ensure that all keystrokes are either broadcast through the debug interfaces or written to the log file located in a public folder on the hard drive.

________________________________________________

Users handling affected HP devices should ensure that this software is not updated. If it is updated, it will reinstall the application that performs the keylogging and we deleted above….

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

iGuRu.gr The Best Technology Site in Greecefgns

Get the best viral stories straight into your inbox!

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).