HP: Beware, there is a keylogger installed

The Swiss security firm modzero AG reports that some HP devices have a keylogger installed in the audio driver.

The keylogger built into the driver records all the keystrokes that users of the system make and stores them in a log file named MicTray.log in the path:

C:\Users\Public\

Note that the log is saved in the public folder and not in that user's folder.

The security company's publication naturally raises several questions: first, why is a keylogger needed in an audio driver, and second, how do we make sure it does not run on HP devices?

The first thing you need to know is that only HP devices appear to be affected by the company's finding. Modzero AG says the HP EliteBook, HP ProBook, HP Elite, and HP ZBook models with Windows 7 and Windows 10 are affected. You can see the full list of affected devices in the link at the end of this article.

The security company reports that if you are using an HP (Hewlett-Packard) device, you should check whether the following files are present:

C:\Windows\System32\MicTray64.exe

and

C:\Windows\System32\MicTray.exe

If they are, you need to delete or rename them to stop the keylogger.

In addition, you should check for the existence of the file

C:\Users\Public\MicTray.log

If it exists, delete it.

All your keystrokes are recorded in this text file, and it may contain sensitive information such as authentication data, credit card numbers, personal chat messages, and/or emails. Note, however, that this file is overwritten after each login.

Backups, File History, or other services that make copies of files may have stored earlier versions of the log. Be sure to delete those copies as well to avoid leaks.

The MicTray executable (in its 64-bit or 32-bit variant) is installed with the Conexant audio driver. The program is scheduled to run immediately after the user logs in, so it starts recording keystrokes right away.

Its main function is to connect the device's keys to certain audio driver features, such as muting the microphone.
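
The checks described above, collected into one PowerShell function. This is an added example, not code from modzero or HP; the function name, the -Remediate switch and the .disabled suffix are assumptions made for the illustration.

```powershell
# Added example: audit, and optionally clean up, the MicTray artifacts named in the article.
# Run from an elevated 64-bit PowerShell; a 32-bit session is redirected from System32 to SysWOW64.
function Test-MicTrayArtifact {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # assumed switch name; without it the function only reports
    )

    # Paths exactly as listed in the article.
    $exePaths = 'C:\Windows\System32\MicTray64.exe',
                'C:\Windows\System32\MicTray.exe'
    $logPath  = 'C:\Users\Public\MicTray.log'

    # A MicTray process that is still running keeps logging until it is stopped.
    $procs = @(Get-Process -Name 'MicTray*' -ErrorAction SilentlyContinue)
    foreach ($p in $procs) {
        Write-Warning "Running: $($p.ProcessName) (PID $($p.Id))"
    }

    # Report every artifact, present or not, so a clean machine gives a visible result.
    foreach ($path in @($exePaths) + $logPath) {
        $present = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Path      = $path
            Present   = $present
            LastWrite = if ($present) { (Get-Item -LiteralPath $path -Force).LastWriteTime }
        }
    }

    if (-not $Remediate) { return }

    # Stop the process first so the executable is not locked.
    $procs | Stop-Process -Force

    foreach ($exe in $exePaths) {
        if (Test-Path -LiteralPath $exe) {
            # Rename instead of delete so the change can be reverted; '.disabled' is an assumed suffix.
            Rename-Item -LiteralPath $exe -NewName ((Split-Path -Path $exe -Leaf) + '.disabled')
        }
    }
    if (Test-Path -LiteralPath $logPath) {
        # The log may hold passwords and messages; remove it as the article advises.
        Remove-Item -LiteralPath $logPath -Force
    }
}

Test-MicTrayArtifact              # report only
# Test-MicTrayArtifact -Remediate # rename the executables and delete the log
```

Copies of the log held by backups or File History are not touched by this function and have to be removed separately.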

Modzero AG reports on keylogging:

Key tracking is added by applying a low-level keyboard input hook function that is installed and calls SetWindowsHookEx().

You will probably wonder why the keylogger was added to the driver. Modzero AG states:

In fact, the purpose of the software is to recognize whether a special key has been pressed or released. However, the developer has introduced various diagnostics and debugging features to ensure that all keystrokes either are transmitted through the debugging interface or are logged in the log that is in a public folder on the hard drive.

________________________________________________

Users of affected HP devices will need to make sure that this software is not updated. If it is updated, the update will re-install the keylogging application and it will have to be deleted once more ....

https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt

The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.