threatpost[.]com/keylogger-found-in-audio-drivers-on-some-hp-machines/125600/
An audio driver that comes installed on some HP-manufactured computers records users’ keystrokes and stores them in a world-readable plaintext file, researchers said Thursday.The culprit appears to be version 1.0.0.31 of MicTray64.exe, a program that comes installed with the Conexant audio driver package on select HP machines.
ModZero, a Swiss security firm, found the file–which it calls a keylogger, and disclosed it Thursday via an advisory on its site. Researchers with the firm say the program monitors all keystrokes made by the user and that it’s been programmed to capture and react to functions such as microphone mute/unmute keys/hotkeys.
The keylogger broadcasts the keystrokes through a debugging interface and writes them to a log file, C:\Users\Public\MicTray.log.
Researchers surmised the software has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same problem exists in the most recent version, 1.0.0.46, released last October.
It’s unclear if this is a feature or a flaw of the driver, but until it’s sorted out ModZero is encouraging HP computer owners to verify whether MicTray.exe is installed on their machines and delete the executable.“We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore,” Schroeder wrote, “However, the special function keys on the keyboards might no longer work as expected. If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords.”