If you own or use an HP computer it’s time to check whether either C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. If either is, you have an active keylogger recording all key presses and need to take action by renaming the executable file.
Usually when a new keylogger is discovered and publicly reported, it’s found to be malicious spyware and the parties affected have responded to the threat. However, in this case the opposite is true. A keylogger was discovered running on HP computers that isn’t malicious and the company isn’t doing anything about it yet.
The keylogger was discovered by security company Modzero AG in an audio driver installed on HP systems. Modzero did the responsible thing and made HP aware of its existence. HP Enterprise refused to take responsibility while HP Inc. and the other company involved, Conexant Systems Inc., are ignoring it. So Modzero decided to go public “in accordance with our Responsible Disclosure process.”
Here’s where things get weird. Shipping a system with an active keylogger installed is only really ever going to happen for malicious reasons. But in this case it looks like pure negligence on the part of developers.
The software in question is part of a driver package offered by HP (since Christmas 2015) and related to audio chips manufactured by Conexant. Conexant’s integrated circuits appear on numerous sound cards for which they provide drivers. In this case, special key presses are supported for functions such as turning the microphone and recording LED on or off.
Modzero discovered that the software written to detect these special key presses actually records all key presses and stores them in the following plain text log file: C:\Users\Public\MicTray.log for anyone to view. The log is overwritten every time you log back into the computer, but during use it is always recording key presses, which will include any and all passwords entered.
Negligent? Lazy? Call it what you will, but logging all key presses just to detect special key presses is ridiculous. As mentioned above, you can stop it happening by renaming the executable file; however, doing so will stop the special key functionality from working. Ideally, HP and Conexant take notice now and fix the problem!
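The check and the rename workaround described above can be scripted. The following PowerShell is an added example, not code from Modzero, HP or Conexant; the file paths are the ones named in this article, while the `-Rename` switch, the `.disabled` suffix and the log clean-up step are assumptions made for illustration.

```powershell
# Added example: audit one machine for the files named in the article.
# Run from an elevated 64-bit PowerShell; a 32-bit host is redirected away from System32.
param([switch]$Rename)   # assumption: opt-in switch to apply the rename workaround

$executables = @(
    'C:\Windows\System32\MicTray64.exe',
    'C:\Windows\System32\MicTray.exe'
)
$logFile = 'C:\Users\Public\MicTray.log'

$found = @()
foreach ($exe in $executables) {
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $item     = Get-Item -LiteralPath $exe
        $procName = [IO.Path]::GetFileNameWithoutExtension($exe)
        $found += [pscustomobject]@{
            Path        = $exe
            FileVersion = $item.VersionInfo.FileVersion
            Running     = [bool](Get-Process -Name $procName -ErrorAction SilentlyContinue)
        }
    }
}

if (-not $found) {
    Write-Output 'Neither MicTray executable is present.'
} else {
    $found | Format-Table -AutoSize
}

if (Test-Path -LiteralPath $logFile -PathType Leaf) {
    $log = Get-Item -LiteralPath $logFile
    # Report metadata only; the contents may include passwords and should not be displayed.
    Write-Output ("Log present: {0} ({1} bytes, last written {2})" -f $log.FullName, $log.Length, $log.LastWriteTime)
}

if ($Rename -and $found) {
    foreach ($entry in $found) {
        $procName = [IO.Path]::GetFileNameWithoutExtension($entry.Path)
        Stop-Process -Name $procName -Force -ErrorAction SilentlyContinue
        # ".disabled" is an arbitrary suffix chosen for this example.
        Rename-Item -LiteralPath $entry.Path -NewName ((Split-Path $entry.Path -Leaf) + '.disabled')
    }
    # Not a step from the article: remove keystrokes already captured in this session.
    Remove-Item -LiteralPath $logFile -Force -ErrorAction SilentlyContinue
}
```

Without `-Rename` the script only reports; with it, the microphone special keys stop working, as noted above.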
STORY SOURCE: UKPCMAG