HP; Beware there is a keylogger installed

Security firm modzero AG from Switzerland reports that some HP devices have a keylogger installed on audio drivers.

The keylogger is built into the driver lists all the keystrokes that system users make and stores them in a log file that names MicTray.log and stores it in the path:

C: \ Users \ Public \

Note that the log is saved in the public folder and not in that user's folder.

The publication of the security company naturally raises several questions. First, why need a keylogger in the audio driver and, second, how do we make sure it does not run on HP devices.keylogger

The first thing you need to know is that only HP devices seem to be affected by the discovery of the company. Modzero AG says the HP EliteBook, HP ProBook, HP Elite, and HP ZBook models with Windows 7 and Windows 10 are affected. You can see the full list of affected devices in the link at the end of the publication.

The security company reports that if you are using an HP (Hewlett-Packard) device you should check if the files are in use

C: \ Windows \ System32 \ MicTray64.exe

The estate provides stunning sea views and offers a unique blend of luxury living and development potential

C: \ Windows \ System32 \ MicTray.exe

If there are, you need to delete or rename them to stop the keylogger.

In addition, you should check for the existence of the file

C: \ Users \ Public \ MicTray.log

If it exists, delete it.

All your keystrokes are recorded in this text file, and may contain sensitive information such as authentication data, credit card numbers, private chat messages or even emails. Note, however, that this file is replaced after each .

So it can exist in , file history or other services that create copies of the file and may have stored previous versions of it. So you should be sure to delete these files as well to avoid any leaks.

The MicTray executable (in the 64 or ) is installed with the Conexant audio driver. The program is scheduled to run immediately after the user logs in, so it starts recording their keystrokes immediately.

Its main function is to provide functionality between the device keys and certain audio driver features, such as mute the microphone.

Modzero AG reports on keylogging:

Key tracking is added by applying a low-level keyboard input hook function that is installed and calls SetwindowsHookEx ().

You will probably wonder why the keylogger was added to the driver. Modzero AG states:

In fact, the purpose of the software is to recognize if a special has been pressed or released . But the developer has introduced various diagnostics and debug to ensure that all keystrokes are either broadcast through the debug interfaces or written to the log file located in a public folder on the hard drive.

________________________________________________

Users handling affected HP devices should ensure that this software is not updated. If it is updated, it will reinstall the application that performs the keylogging and we deleted above….

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















giorgos

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).