WARNING: Audio driver in HP laptops secretly saves all your passwords.

Keylogger Found in Audio Driver of HP Laptops.


The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look.

If you have an HP laptop, chances are that whatever passwords, email IDs, bank account details, or social media logins you have entered could now be stored in a local file on the system without your permission. That file is accessible to any third-party app or person with access to your laptop.

Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today.

Keylogger found in preinstalled audio driver

According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version 1.0.0.46 and earlier.

This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe).

This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file “monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys.”

This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at:

C:\users\public\MicTray.log

Speaking on condition of anonymity, the CEO of one of the largest cybersecurity firms in Asia says that it was not correct on the part of HP to ship a system with a keylogger in an active state. “The company which manufactures the firmware will claim it to be safe but it’s the duty of the OEM to do a second degree check. Any such firmware should never have recorded your keystroke.”

Keylogger feature confirmed in HP laptops:

Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven’t officially confirmed that the issue affects other manufacturers.

  1. HP EliteBook 820 G3 Notebook PC

  2. HP EliteBook 828 G3 Notebook PC

  3. HP EliteBook 840 G3 Notebook PC

  4. HP EliteBook 848 G3 Notebook PC

  5. HP EliteBook 850 G3 Notebook PC

  6. HP ProBook 640 G2 Notebook PC

  7. HP ProBook 650 G2 Notebook PC

  8. HP ProBook 645 G2 Notebook PC

  9. HP ProBook 655 G2 Notebook PC

  10. HP ProBook 450 G3 Notebook PC

  11. HP ProBook 430 G3 Notebook PC

  12. HP ProBook 440 G3 Notebook PC

  13. HP ProBook 446 G3 Notebook PC

  14. HP ProBook 470 G3 Notebook PC

  15. HP ProBook 455 G3 Notebook PC

  16. HP EliteBook 725 G3 Notebook PC

  17. HP EliteBook 745 G3 Notebook PC

  18. HP EliteBook 755 G3 Notebook PC

  19. HP EliteBook 1030 G1 Notebook PC

  20. HP ZBook 15u G3 Mobile Workstation

  21. HP Elite x2 1012 G1 Tablet

  22. HP Elite x2 1012 G1 with Travel Keyboard

  23. HP Elite x2 1012 G1 Advanced Keyboard

  24. HP EliteBook Folio 1040 G3 Notebook PC

  25. HP ZBook 17 G3 Mobile Workstation

  26. HP ZBook 15 G3 Mobile Workstation

  27. HP ZBook Studio G3 Mobile Workstation

  28. HP EliteBook Folio G1 Notebook PC

The Conexant HD Audio Driver Package has versions for the following operating systems:

  1. Microsoft Windows 10 32-Bit

  2. Microsoft Windows 10 64-Bit

  3. Microsoft Windows 10 IOT Enterprise 32-Bit (x86)

  4. Microsoft Windows 10 IOT Enterprise 64-Bit (x86)

  5. Microsoft Windows 7 Enterprise 32 Edition

  6. Microsoft Windows 7 Enterprise 64 Edition

  7. Microsoft Windows 7 Home Basic 32 Edition

  8. Microsoft Windows 7 Home Basic 64 Edition

  9. Microsoft Windows 7 Home Premium 32 Edition

  10. Microsoft Windows 7 Home Premium 64 Edition

  11. Microsoft Windows 7 Professional 32 Edition

  12. Microsoft Windows 7 Professional 64 Edition

  13. Microsoft Windows 7 Starter 32 Edition

  14. Microsoft Windows 7 Ultimate 32 Edition

  15. Microsoft Windows 7 Ultimate 64 Edition

  16. Microsoft Windows Embedded Standard 7 32

  17. Microsoft Windows Embedded Standard 7E 32-Bit

HP did not respond to a request for comment from Bleeping Computer in time for this article’s publication.

Here’s how to Check for and Remove the HP MicTray64 Keylogger

According to modzero, to check for and remove the HP MicTray64.exe keylogger, you should follow these steps:

  1. Open Task Manager and check for a running process called MicTray64.exe. If this process exists, close it.

  2. Navigate to c:\Windows\System32\MicTray64.exe and move the file to your Desktop.

  3. Now check if the file C:\Users\Public\MicTray.log exists. If it does, move this file to the Desktop as well.

  4. Now that the keylogger has been removed and you have isolated the log files, let’s take a look at what was logged.

  5. Open the MicTray.log file on your desktop and examine the contents. If you notice that login names, passwords, banking info, or any other sensitive login info has been logged, you should immediately change your passwords at the associated accounts.

After following the steps, the keylogger will no longer be active and will not start on reboot.
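
The manual steps above can be scripted for use on more than one machine. The following PowerShell is an added example, not code from modzero, HP or the original article; the file paths are the ones named above, while the `-ReportOnly` switch and the `MicTray-quarantine` folder name are assumptions of this example.

```powershell
param([switch]$ReportOnly)   # -ReportOnly (assumed switch): detect only, change nothing

# Paths named in the article. Run from 64-bit PowerShell so System32 is not redirected.
$binary     = Join-Path $env:SystemRoot 'System32\MicTray64.exe'
$logFile    = 'C:\Users\Public\MicTray.log'
# Assumed quarantine location: a folder on the current user's Desktop.
$quarantine = Join-Path ([Environment]::GetFolderPath('Desktop')) 'MicTray-quarantine'

# Moving a file out of System32 needs an elevated session.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = (New-Object Security.Principal.WindowsPrincipal $identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $ReportOnly -and -not $isAdmin) {
    Write-Error 'Run from an elevated PowerShell prompt, or use -ReportOnly.'
    return
}

# Step 1: is the process running?
$procs = @(Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue)
# Steps 2 and 3: are the binary and the keystroke log on disk?
$binaryFound = Test-Path -LiteralPath $binary
$logFound    = Test-Path -LiteralPath $logFile

# Report size and last write time of the log without printing its contents.
$report = New-Object PSObject -Property @{
    ProcessRunning = ($procs.Count -gt 0)
    BinaryPresent  = $binaryFound
    LogPresent     = $logFound
    LogBytes       = $(if ($logFound) { (Get-Item -LiteralPath $logFile).Length } else { 0 })
    LogLastWrite   = $(if ($logFound) { (Get-Item -LiteralPath $logFile).LastWriteTime } else { $null })
}
$report | Format-List

if ($ReportOnly) { return }

# Stop the process, then move the binary and the log out of their original locations.
if ($procs.Count -gt 0) { $procs | Stop-Process -Force }
if ($binaryFound -or $logFound) {
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    foreach ($path in @($binary, $logFile)) {
        if (Test-Path -LiteralPath $path) {
            Move-Item -LiteralPath $path -Destination $quarantine -Force
            Write-Output "Moved $path -> $quarantine"
        }
    }
}
```

A non-zero `LogBytes` value means keystrokes were captured on that machine, so the quarantined log should be reviewed as described in step 5 and any credentials found in it changed.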

Hope This Helps!


Information Brought To You By Biovolt Corporation.

 
