Keylogger Found in HP Notebook Keyboard Driver [source: bleepingcomputer]

HP has released driver updates for hundreds of notebook models to remove debugging code that an attacker could have abused as a keylogger component.

The keylogging code was present in the SynTP.sys file, which is part of the Synaptics Touchpad driver that ships with some HP notebook models.

“The logging was disabled by default but could be enabled by setting a registry value,” said Michael Myng, the security researcher who discovered the flaw earlier this year.

That registry key is:

HKLM\Software\Synaptics\%ProductName% HKLM\Software\Synaptics\%ProductName%\Default

Malware devs can use this registry key to enable the keylogging behavior and spy on users using native kernel-signed tools, undetectable by security products. All they have to do is to bypass a UAC prompt when tweaking the registry key. There are tens of methods of bypassing UAC prompts currently available.

For more, click here.