Attention! HP Audio Driver Contains Keylogger That Records All Your Key Presses

If you are a user of a HP computer, better check whether C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. If the computer contains such file, rename it because it contains an active keylogger that records all key presses.

Normally when such a keylogger is found and publicly reported, the affected parties take action against the malicious spyware. In this scenario, it is totally the opposite. A keylogger has recently been discovered on HP computer, but the company ignored the case as it was not malicious. Surprisingly, HP systems have contained this spyware since 2015.

Also Read: New undetectable, file-less computer virus targetting telecom industry globally

Malicious spyware located

A security company Modzero AG found the keylogger hidden in an audio driver set up on HP computers. Acting responsibly, modzero let the HP developers know about its existence, whereas HP Enterprise declined to assume liability. So modzero reported the spyware publicly “in accordance with our Responsible Disclosure process.”

Here’s where the whole case gets suspicious. The only reason a system would contain an active keylogger would be for malicious purpose. Yet the developers are showing pure negligence towards it.

Quick Read: Gooligan malware hacks 1 million Google accounts

How the keylogger works?

HP has been offering the software as a driver package and related audio chips produced by Conexant since December 2015. Numerous sound cards contain Conexant’s integrated circuits for which they offer these drivers. In this situation, unique key presses are upheld for functions; for example, turning the receiver on and recording LED on or off.

What’s more is that modzero found that the program made to recognize these unique key presses really records every key press and stores them in a plain content log document (C:\Users\Public\MicTray.log) for anybody to see. Whenever you turn on your system it overwrites the log. When the system is in use, it records every key press, including any password being entered.

It remains unjustifiable that all key presses be logged just to identify unique key presses. As already suggested, you can rename the file to stop the unique key functionality from working. Hopefully, HP and Conexant would now take action and find a solution for the problem.


Click to comment

Leave a Reply

Your email address will not be published.

To Top