Here is a list of HP computers that may contain a built-in keylogger

Keylogger, or malicious software that records keystrokes even when the password is not visible. The techniques of masking the field with the slogan will do no good. Keylogger is able to capture anything that will be typed on a hardware or virtual keyboard.

In this case HP notebooks [...]:

  • HP EliteBook 820 G3 Notebook PC
  • HP EliteBook 828 G3 Notebook PC
  • HP EliteBook 840 G3 Notebook PC
  • HP EliteBook 848 G3 Notebook PC
  • HP EliteBook 850 G3 Notebook PC
  • HP ProBook 640 G2 Notebook PC
  • HP ProBook 650 G2 Notebook PC
  • HP ProBook 645 G2 Notebook PC
  • HP ProBook 655 G2 Notebook PC
  • HP ProBook 450 G3 Notebook PC
  • HP ProBook 430 G3 Notebook PC
  • HP ProBook 440 G3 Notebook PC
  • HP ProBook 446 G3 Notebook PC
  • HP ProBook 470 G3 Notebook PC
  • HP ProBook 455 G3 Notebook PC
  • HP EliteBook 725 G3 Notebook PC
  • HP EliteBook 745 G3 Notebook PC
  • HP EliteBook 755 G3 Notebook PC
  • HP EliteBook 1030 G1 Notebook PC
  • HP ZBook 15u G3 Mobile Workstation
  • HP Elite x2 1012 G1 Tablet
  • HP Elite x2 1012 G1 with Travel Keyboard
  • HP Elite x2 1012 G1 Advanced Keyboard
  • HP EliteBook Folio 1040 G3 Notebook PC
  • HP ZBook 17 G3 Mobile Workstation
  • HP ZBook 15 G3 Mobile Workstation
  • HP ZBook Studio G3 Mobile Workstation
  • HP EliteBook Folio G1 Notebook PC

[...] may include a keylogger in the HP Audiodriver Packages Audio Driver or the Conexant High-Definition (HD) Audio Driver version 10.0.931.89 and older.

The author of this information working for Modzero , who deals with security, is not able to clearly determine whether HP knew about the installed spyware, or whether it itself fell victim to a backdoor developed by an external company - in this particular case by Conexant, a supplier of integrated circuits and chips audio that has prepared drivers for laptop motherboards above the HP models indicated.

Thorsten Schroeder, the author of the article explains it in this way:

The installation of the suspicious MicTray64.exe process from Conexant takes place by means of an audio driver that runs after each login. This program monitors all keystrokes made by the user. Through it, it is also possible to mute the microphone, adjust the volume level, or control the LED backlight.

Keystroke monitoring is added by implementing in the controller the ability to call the SetwindowsHookEx function for handling shortcuts / function keys. Keylogging is most likely a programming error in which debugging and logging of the pressed or released special key is enabled.

All operations are saved in the location:

C: \ Users \ Public \ MicTray.log

If the log file does not exist, the keystroke logging can take place in the context of any running process by the logged in user. So, capturing keystrokes can take place for any running program, e.g. LastPass, KeePass, browsers ...

It is recommended to delete the C: \ Users \ Public \ MicTray.log log and C: \ Windows \ System32 \ MicTray.exe executables and C: \ Windows \ System32 \ MicTray64.exe log files or rename them. It can, however, affect the problems in the operation of special keys to handle the sound (mute, adjust the sound level).

At the moment, HP has not yet released an update, and the latest HP Audiodriver Packages / Conexant High-Definition (HD) Audio Driver drivers are from 2015.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.