Beware! Several HP Models Come with a Built-in Keylogger

HP (Hewlett-Packard) is one of the most popular laptop brands in the world. There is a good chance that you are reading this article on an HP laptop; if you own one, drop everything you are doing and listen carefully.

We are all aware that Lenovo used to install a rootkit on their laptops, but now it's HP's turn, installing a keylogger on theirs. A keylogger monitors everything you type on your laptop, including your passwords and credit card details. This warning was issued on Thursday, when the Swiss security researcher known as ModZero discovered that his laptop's audio driver had secretly installed a keylogger when it was updated. The app, which functions like a keylogger, stores the data in an unencrypted file on the laptop that is publicly accessible.

A ModZero researcher wrote, “On the basis of meta-information of the files, this keylogger has already existed on HP computers since at least Christmas 2015.” ModZero also said the log file is overwritten every time the computer is booted up.

According to researchers, the flawed code (CVE-2017-8360) written by HP was poorly implemented: it was meant to log only the keys related to media, but it ended up logging all the keys. HP said that they were aware of the bug and that their app was recording keys, but that they never accessed any of their customers' data.

“So what’s the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP?” the Modzero researchers asked HP.

How to Check if You Are Affected and Protect Yourself

If either of the following two files exists on your system, then this keylogger is present on your PC:

  • C:\Windows\System32\MicTray64.exe
  • C:\Windows\System32\MicTray.exe

If either file exists, Modzero advises that you delete or rename the executable in order to prevent the audio driver from collecting your keystrokes.

“Although the file is overwritten after each login, the content is likely to be easily monitored by running processes or forensic tools,” researchers warned. “If you regularly make incremental backups of your hard-drive — whether in the cloud or on an external hard-drive — a history of all keystrokes of the last few years could probably be found in your backups.”

Also, if you make regular backups of your hard drive that include the Public folder, the keylogging file in question may exist there too, with your sensitive data in plain text for anyone to see. So, wipe that as well.
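
The check and rename described above, as an added PowerShell example that is not from Modzero or HP. The two paths are the ones listed in this article; the function name `Find-MicTray` and the `.disabled` suffix are assumptions chosen for illustration.

```powershell
# Added example. Paths come from the article; the function name and the
# '.disabled' suffix are hypothetical choices for this illustration.
function Find-MicTray {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string[]]$Path = @(
            'C:\Windows\System32\MicTray64.exe',
            'C:\Windows\System32\MicTray.exe'
        ),
        [switch]$Disable   # rename the executable, one of the two options Modzero advises
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Present = $false; Action = 'none' }
            continue
        }

        # Collect metadata before touching the file, so the report stays
        # accurate even when the file is renamed below.
        $file   = Get-Item -LiteralPath $p
        $signer = (Get-AuthenticodeSignature -LiteralPath $p).SignerCertificate.Subject
        $action = 'none'

        if ($Disable -and $PSCmdlet.ShouldProcess($p, 'Rename to .disabled')) {
            # Stop a running instance first; a running executable is locked.
            Get-Process -Name $file.BaseName -ErrorAction SilentlyContinue |
                Stop-Process -Force
            Rename-Item -LiteralPath $p -NewName ($file.Name + '.disabled') -ErrorAction Stop
            $action = 'renamed'
        }

        [pscustomobject]@{
            Path        = $p
            Present     = $true
            Created     = $file.CreationTime
            FileVersion = $file.VersionInfo.FileVersion
            Signer      = $signer
            Action      = $action
        }
    }
}

# Report only; nothing is changed unless -Disable is passed.
Find-MicTray | Format-List
```

Run it from an elevated 64-bit PowerShell session, because a 32-bit process on 64-bit Windows is redirected away from the real `System32` directory. `Find-MicTray -Disable -WhatIf` previews the rename without performing it.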
