
Your audio driver could also be a part-time keylogger

By Ian Chee - on 12 May 2017, 11:50am


Keyloggers are probably the kind of spyware that most PC users are aware and wary of. This is especially true of people who have to, at any point, use a shared system like those found in cyber cafes. This looks to be a problem that we should all be worried about again, as Ars Technica recently reported that a number of systems that we use may come infected with one.

Image source: modzero.

The keylogger in question is supposedly included in a device driver for Conexant audio chips, according to modzero, a Switzerland-based security consulting firm. One of the device driver components is MicTray64.exe, an executable file that allows the driver to respond when certain special keys are pressed. As it turns out, the file sends all keystrokes to a debugging interface or writes them down in an unencrypted log file.

This has been a major issue for a number of HP PCs “since at least Christmas 2015,” and products from any other system manufacturer using Conexant audio chips could also be at risk. modzero decided to issue the public advisory after both HP and Conexant failed to respond to private messages reporting the findings.

You can look for the file in question yourself in the default directory, C:\Windows\System32\MicTray.exe or C:\Windows\System32\MicTray64.exe. The log file, on the other hand, would likely be at C:\Users\Public\MicTray.log. The good news is that the log is overwritten each time the system is rebooted, but there are many ways its contents could be preserved. One key example is if you back up your system regularly.
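The check described above can be scripted. The following PowerShell is an added example, not code from modzero, HP or Conexant; the function name `Find-MicTrayArtifact`, its `-Root` parameter and the output fields are illustrative choices, and only the three file paths come from the article. Pointing `-Root` at a mounted backup covers the case where an old copy of the log was preserved.

```powershell
# Added example: looks for the files named in the article under a given root.
# Run from 64-bit PowerShell; a 32-bit session sees SysWOW64 in place of System32.
function Find-MicTrayArtifact {
    param(
        # Drive or folder holding a Windows installation. Pass a mounted
        # backup (for example 'E:\') to look for preserved copies of the log.
        [string]$Root = 'C:\'
    )

    # Default locations given in the article, relative to the system drive.
    $relativePaths = @(
        'Windows\System32\MicTray.exe',
        'Windows\System32\MicTray64.exe',
        'Users\Public\MicTray.log'
    )

    foreach ($rel in $relativePaths) {
        $path = Join-Path -Path $Root -ChildPath $rel
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        # Report metadata only; the log may hold typed passwords, so it is not read.
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path          = $item.FullName
            SizeBytes     = $item.Length
            LastWriteTime = $item.LastWriteTime
            # Populated for the executables, empty for the log file.
            FileVersion   = $item.VersionInfo.FileVersion
        }
    }
}

$found = @(Find-MicTrayArtifact -Root 'C:\')
if ($found.Count -eq 0) {
    'No MicTray executable or log found at the default locations.'
} else {
    $found | Format-List
}

# Is the component running right now? Process names are given without '.exe'.
Get-Process -Name 'MicTray', 'MicTray64' -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path
```

A log file with a non-zero size and a recent write time indicates that keystrokes are being recorded to disk on that machine.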

Source: modzero via Ars Technica.