The Security Advisory goes on to list almost 30 HP machines known to use the bad drivers, including EliteBook, ProBook, ZBook, and Elite x2 models running both Windows 10 and Win7. It's an impressive lineup, including many current models.

Modzero says it found evidence of the problematic behavior going all the way back to December 2015. It's still there today with driver Version 1.0.0.46.

The infection method seems simple enough:

Conexant's MicTray64.exe is installed with the Conexant audio driver package and registered as a Microsoft Scheduled Task to run after each user login. The program monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys. Monitoring of keystrokes is added by implementing a low-level keyboard input hook function that is installed by calling SetWindowsHookEx().

In addition to the handling of hotkey/function key strokes, all key-scancode information is written into a logfile in a world-readable path (C:\Users\Public\MicTray.log). If the logfile does not exist or the setting is not yet available in Windows registry, all keystrokes are passed to the OutputDebugString API, which enables any process in the current user-context to capture keystrokes without exposing malicious behavior. Any framework and process with access to the MapViewOfFile API should be able to silently capture sensitive data by capturing the user's keystrokes.

I have no idea how the driver passed Microsoft certification, but apparently it has.

Here is the disinfection method proposed by modzero:

All users of HP computers should check whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore. However, the special function keys on the keyboards might no longer work as expected. If a C:\Users\Public\MicTray.log file exists on the hard drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords.

If you have a Conexant audio chip (Speccy will tell you), go through those steps, make sure that MicTray64.exe gets renamed, and delete current and backed-up copies of MicTray.log.

Modzero isn't happy with the runaround it's getting from HP. The group says it discovered the keylogger in MicTray 1.0.0.31 back on April 28. Modzero contacted Conexant the same day, and when the keylogger was found in the latest audio drivers, it contacted HP Enterprise on May 1. Then on May 5, modzero got a response from HP Enterprise, which "tried to reach for security folks at HP Inc. to gain attention." Looks like HP Enterprise and HP Inc. aren't talking to each other; I bet they start talking now.

Discussion continues on the AskWoody Lounge.

Conspiracy theories are gaining steam as accusations about Microsoft "spy patches" heat up. But a much larger part of the story may sound familiar to any experienced Windows or Office user.
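The check-and-clean steps modzero proposes, as an added PowerShell example that is not from modzero, HP or the original article. The file paths are the ones quoted on this page; the function name `Invoke-MicTrayCheck` and the `.disabled` rename suffix are assumptions made for the example.

```powershell
# Added example: paths are the ones named on this page; the function name and
# the ".disabled" suffix are choices made for this sketch.
function Invoke-MicTrayCheck {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remediate)   # without -Remediate the function only reports

    $executables = 'C:\Windows\System32\MicTray64.exe',
                   'C:\Windows\System32\MicTray.exe'
    $logFile     = 'C:\Users\Public\MicTray.log'

    foreach ($path in $executables + $logFile) {
        $item  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $isExe = $path -like '*.exe'
        $procs = @()
        if ($item -and $isExe) {
            # Is the hook process currently running in this session?
            $procs = @(Get-Process -Name $item.BaseName -ErrorAction SilentlyContinue)
        }

        # One uniform record per artifact so the output tabulates cleanly.
        [pscustomobject]@{
            Path      = $path
            Present   = [bool]$item
            Running   = $procs.Count -gt 0
            SizeBytes = if ($item) { $item.Length } else { $null }
            LastWrite = if ($item) { $item.LastWriteTime } else { $null }
        }

        if (-not ($item -and $Remediate)) { continue }
        if ($isExe) {
            # Rename rather than delete, so the step can be undone if
            # the function keys stop working.
            if ($PSCmdlet.ShouldProcess($path, 'Stop process and rename')) {
                $procs | Stop-Process -Force
                Rename-Item -LiteralPath $path -NewName ($item.Name + '.disabled')
            }
        }
        elseif ($PSCmdlet.ShouldProcess($path, 'Delete keystroke log')) {
            Remove-Item -LiteralPath $path -Force
        }
    }
}

Invoke-MicTrayCheck | Format-Table -AutoSize   # report only
# Invoke-MicTrayCheck -Remediate -WhatIf       # preview the changes
# Invoke-MicTrayCheck -Remediate               # apply, from an elevated prompt
```

Run it from a 64-bit PowerShell console: a 32-bit process on 64-bit Windows has C:\Windows\System32 redirected to SysWOW64 and would report the executables as absent. A non-zero SizeBytes on MicTray.log means keystrokes have already been written to disk, so passwords typed on that machine should be treated as exposed.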