The HP PC records what the user has typed on the keyboard

"HP(Hewlett-Packard) "secretly records the user's key typing"Keylogger"Sells more than 20 types of PCs and tablets installed, says modzero, an overseas security consulting firm.

[EN] Keylogger in Hewlett-Packard Audio Driver | mod% log
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html


HP laptops covertly log user keystrokes, researchers warn | Ars Technica
https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/

The keylogger that it is installed on HP PC or tablet is the manufacturer of audio chipConexantIt is said to be included in the device driver developed by. According to modzero, one of the device driver components contains the executable file "MicTray64.exe", which seems to record all keystrokes. The recorded keystrokes are sent to the debug interface or written to log files that can be used on computer C drive.

According to modzero's security researcher, "This type of debug turns the audio driver into an effective keylogger.The keylogger is based on file meta information that it will be on the HP computer since at least 2015 Christmas It is clear that it has collected user's key input information secretly for at least about a year and a half.


In addition, "C: \ Users \ Public \ MicTray.log" is a log file that saves key input information, which seems to be overwritten when the terminal is restarted. However, Modzero points out that it is also possible to keep it for weeks or indefinitely. In addition, it is relatively easy to restore the data saved by the keylogger, because it can easily restore deleted files and overwritten files with the forensic tool. However, it seems that the recorded information will not be uploaded on the Internet without permission.

The terminal on which this keylogger is installed seems to include HP's HP EliteBooks, HP ProBooks, HP ZBooks, HP Elite, etc. You can also check if your computer is in danger by looking at the executable file "C: \ Windows \ System32 \ MicTray.exe" or "C: \ Windows \ System32 \ MicTray64.exe". It is said that modzero is a PC sold by other manufacturers, and those with Conexant's drivers are also likely to be at the same risk.

BleepingComputer.comAccording to, there are 28 types of PCs with keyloggers installed.

Keylogger Found in Audio Driver of HP Laptops
https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/

HP EliteBook 820 G3 Notebook PC
HP EliteBook 828 G3 Notebook PC
HP EliteBook 840 G3 Notebook PC
HP EliteBook 848 G3 Notebook PC
HP EliteBook 850 G3 Notebook PC
HP ProBook 640 G2 Notebook PC
HP ProBook 650 G2 Notebook PC
HP ProBook 645 G2 Notebook PC
HP ProBook 655 G2 Notebook PC
HP ProBook 450 G3 Notebook PC
HP ProBook 430 G3 Notebook PC
HP ProBook 440 G3 Notebook PC
HP ProBook 446 G3 Notebook PC
HP ProBook 470 G3 Notebook PC
HP ProBook 455 G3 Notebook PC
HP EliteBook 725 G3 Notebook PC
HP EliteBook 745 G3 Notebook PC
HP EliteBook 755 G3 Notebook PC
HP EliteBook 1030 G1 Notebook PC
HP ZBook 15u G3 Mobile Workstation
HP Elite x 2 1012 G1 Tablet
HP Elite x 2 1012 G1 with Travel Keyboard
HP Elite x 2 1012 G1 Advanced Keyboard
HP EliteBook Folio 1040 G3 Notebook PC
HP ZBook 17 G3 Mobile Workstation
HP ZBook 15 G3 Mobile Workstation
HP ZBook Studio G3 Mobile Workstation
HP EliteBook Folio G1 Notebook PC

As noted by modzero, paying particular attention if you are using a keylogger installed PC as a shared one. Although it is possible to delete the file "C: \ Windows \ System32 \ MicTray.exe" or "C: \ Windows \ System32 \ MicTray64.exe", updating by HP or Conexant is not at the time of article creation .