
Conexant Systems Audio Driver on HP PCs Contains an Active Keylogger

Modzero, a Switzerland-based security company, has identified a keylogger in a popular audio driver that is installed on HP PCs, and published its findings on its blog today.

Keylogger in Hewlett-Packard Audio Driver

A keylogger records every key pressed on a keyboard and logs that information. The information is then sent to a central source. In nefarious cases, the information is used to steal personal data like credit card numbers, social security numbers, passwords, and more.

There’s no evidence so far that the keylogging is being used to collect personal data, but there’s also no evidence or clear communication as to why an audio driver requires keylogging software. Additionally, the log file created by the program is overwritten at every login and is located at: C:\Users\Public\MicTray.log

The models affected are HP Elitebook 800 series, HP ProBook 400 and 600 series, the EliteBook Folio G1, and others. And, apparently, the program began showing up on HP PCs in 2015.

Modzero says:

All users of HP computers should check whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. We recommend that you delete or rename the executable files so that no keystrokes are recorded anymore. However, the special function keys on the keyboards might no longer work as expected. If a C:\Users\Public\MicTray.log file exists on the hard-drive, it should also be deleted immediately, as it can contain a lot of sensitive information such as login-information and passwords.
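
The check Modzero describes can be scripted. The following PowerShell is an added example, not code from Modzero, HP or Conexant; it uses only the three paths quoted above, and the `-Remediate` switch and `.disabled` suffix are hypothetical names chosen here. Without the switch it only reports what it finds.

```powershell
# Added example: audit the MicTray paths named in the advisory text above.
# Reporting works unelevated; renaming files in System32 requires an elevated session.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical switch: report only unless -Remediate is given.
    [switch]$Remediate
)

$exePaths = 'C:\Windows\System32\MicTray64.exe', 'C:\Windows\System32\MicTray.exe'
$logPath  = 'C:\Users\Public\MicTray.log'

# A 32-bit PowerShell on 64-bit Windows is silently redirected from System32 to
# SysWOW64 and would miss the files; the Sysnative alias reaches the real System32.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    $exePaths = $exePaths -replace '\\System32\\', '\Sysnative\'
}

$found = foreach ($path in @($exePaths) + $logPath) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{
            Path      = $item.FullName
            SizeBytes = $item.Length
            LastWrite = $item.LastWriteTime
            IsLog     = ($path -eq $logPath)
        }
    }
}

if (-not $found) {
    Write-Output 'No MicTray executable or log file found at the listed paths.'
    return
}
$found | Format-Table -AutoSize

if ($Remediate) {
    # Stop a running instance first so the executable is unlocked and stops logging.
    Get-Process -Name 'MicTray64', 'MicTray' -ErrorAction SilentlyContinue | Stop-Process -Force

    foreach ($f in $found) {
        if ($f.IsLog) {
            # The log may hold passwords: delete it, do not archive or move it.
            Remove-Item -LiteralPath $f.Path -Force
        } else {
            # Rename rather than delete so the change can be reverted if hotkeys break.
            Rename-Item -LiteralPath $f.Path -NewName ((Split-Path $f.Path -Leaf) + '.disabled')
        }
    }
}
```

Running it with `-Remediate -WhatIf` lists the stop, rename and delete actions without performing them.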

