HP is quite well-known for its pre-installed software on its laptops and PCs, as with most OEMs, however, while we’ve become accustomed to dealing with pre-installed software (and the process of removing it on a freshly-purchased computer), HP appears to be overstepping its mark by installing a keylogger with the audio driver on some of its laptops (via Bleeping Computer).

The keylogger, packaged with the Conexant HD Audio Driver Package in version 1.0.0.46 and earlier, has been discovered by researchers. With this audio driver comes a file, MicTray64.exe (or MicTray.exe for non-64-bit users), which has a Scheduled Task to run each time the user logs-on to their machine. Essentially, each time a key on the keyboard is pressed, it records it. The keystrokes are then stored in a plaintext file – definitely not a secure way of storing every key pressed on a machine.

The keystroke log is stored at C:\users\public\MicTray.log.

This file can be accessed by other users of the machien or, potentially more worrisome, by any program installed on the computer. Additionally, should the file not exist, it will instead pass the keystrokes to an API named OutputDebugString. This API can then be used by programs, with or without malicious intent, to view the keystrokes directly, in real-time.

So far, 28 models released by HP are known to be affected. Investigators looking into the security issue have not ruled out the potential for other models, and other manufacturers, to also be affected. The following are the known models affected:

Read more: Some HP machines have a keylogger installed with the Audio Driver, heres how to disable it | On MSFT

Posted By: Brink
11 May 2017