Keylogger Found in HP Notebook Keyboard Driver [source: bleepingcomputer]
HP has released driver updates for hundreds of notebook models to remove debugging code that an attacker could have abused as a keylogger component.
The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.
“The logging was disabled by default but could be enabled by setting a registry value,” said Michael Myng, the security researcher who discovered the flaw earlier this year.
That registry key is:
HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default
Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.
For more, click here.
Recommended Posts
Lazarus supply‑chain attack in South Korea [welivesecurity]
22 Nov 2020 - CIRT In Media, News Clipping
BlockThreat – Week 26, 2020
08 Jul 2020 - News Clipping