Some HP Business Laptops Come with Integrated Keylogger


Security researchers discovered spyware in some HP business laptops.

HP Inc. has released some impressive products as of recently. However, they seem to be working against their new owners. Security researchers posted a new report disclosing that some HP business laptops come with preinstalled malicious presences in it. It appears that these are performing keystroke logins, meaning they record any keys users struck on their keyboards.

Spyware Hid in Conexant Audio Driver of Some HP Business Laptops

On Thursday, ModZero, a Swiss security group, posted a report. This document reveals a discovery according to which something is wrong with two dozen models of HP business laptops and tablets. The curious software that had a conspicuous behavior is a preloaded audio driver, Conexant. Many notebooks are shipped with this program.

“This type of debugging turns the audio driver effectively into keylogging spyware.”

The main job of Conexant is to make sure users are hitting the right keys to activate different audio functions. Instead, the program is actually recording all keystrokes, irrespective of whether these combinations concern the audio segment or not. This means that it has a keylogger function. Recorded key combinations are then sent to either a debugging interface or to a log file. This document is actually present in the C drive of the computer.

The Faulty Executable Might Have Been Working Since Christmas 2015

ModZero researchers are concerned about the extent of this glitch. They believe that this spyware was active since Christmas 2015. The log file is deleted every time the user turns off the computer. However, the recorded data might have several ways to which they can survive the discharge for weeks. For instance, there can be some forensic tools in place that help them restore their deleted information.

As a consequence, the keylogger spyware might have released private data such as e-mails, contacts, and credentials out there. ModZero recommends owners of HP business laptops and tablets to check if they have program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe installed. In case they find this, users can simply eliminate it altogether or rename the executable.

Image source: 1


Leave a Reply

Your email address will not be published. Required fields are marked *