Because writing a log of keystrokes to C:\Users\Public\MicTray.log suggests it. If it was a real keylogger, its output should be hidden, at least to some extent. I understand that writing to the Public directory may have its merits, but with the NTFS filesystem there are ways to hide the real content of a file, which apparently weren't employed here.
A few concerns though.
From the article
"A keylogger is a piece of software for which the case of dual-use can rarely be claimed. This means there are very few situations where you would describe a keylogger that records all keystrokes as 'well-intended'. A keylogger records when a key is pressed, when it is released, and whether any shift or special keys have been pressed. It is also recorded if, for example, a password is entered even if it is not displayed on the screen."
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Remember, this is an audio driver.
"So what's the point of a keylogger in an audio driver? Does HP deliver pre-installed spyware? Is HP itself a victim of a backdoored software that third-party vendors have developed on behalf of HP? The responsibility in this case is uncertain, because the software is offered by HP as a driver package for their own devices on their website. On the other hand, the software was developed and digitally signed by the audio chip manufacturer Conexant."
"Conexant is a manufacturer of integrated circuits, emerging from a US armaments manufacturer. Primarily, they develop circuits in the field of video and audio processing. Thus, it is not uncommon for Conexant audio ICs to be populated on the sound cards of computers of various manufacturers. Conexant also develops drivers for its audio chips, so that the operating system is able to communicate with the hardware."
And here we start wandering onto fluffy ground...
"Apparently, there are some parts for the control of the audio hardware, which are very specific and depend on the computer model - for example special keys for turning on or off a microphone or controlling the recording LED on the computer. In this code, which seems to be tailored to HP computers, there is a part that intercepts and processes all keyboard input."
"Actually, the purpose of the software is to recognize whether a special key has been pressed or released. Instead, however, the developer has introduced a number of diagnostic and debugging features to ensure that all keystrokes are either broadcasted through a debugging interface or written to a log file in a public directory on the hard-drive."
I'm going to call that probably utter bullshit.
"Furthermore, the OutputDebugString API provides a covert channel for malware to record real-time keystrokes without using native Windows functions, usually under the watchful eye of antivirus software."
https://www.bleepingcomputer.com/news/security/keylogger-found-in-audio-driver-of-hp-laptops/
One of the recurring themes in government spyware has been built-in tools that provide access to governments and at the same time deniability to the company. This looks like it falls in that category, rather than 'accidentally poor design'.
"It's bad form to be even accessing this information! Aren't there OS hooks to install shortcuts for specific key sequences? There is no reason why an audio driver should be sifting through every keystroke looking for hotkeys. If installing a global keyboard input hook is actually the "correct" way to create keyboard shortcuts to mute the microphone, then at least 10% of the blame here goes to MS."
"Setting a global hook through SetWindowsHookEx instead of using the RegisterHotkey API is indeed a strange way to do this. That, along with the other things mentioned makes me wonder about the developers that wrote this." Public comment from
https://arstechnica.com/security/2017/05/hp-laptops-covert-log-every-keystroke-researchers-warn/
An interesting comment about Lenovo / superfish "Surprisingly, the behavior largely escaped the notice of security and privacy advocates, until now."
https://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/ Very different, but the comment is significant.
Oldest references I can find to the news are 4chan and
http://forums.hardwarezone.com.sg/notebook-clinic-77/hp-users-beware-keylogger-found-audio-driver-hp-laptops-5616858.html and
https://www.codeproject.com/Insider.aspx?msg=5395039
Was this kind of shit about HP computers that have keyloggers being distributed worldwide, or is it just in the US? Why the fck would they surveil us? We are not a part of the US. Why would the HP company do that lol
You may not be part of the U.S. but the U.S. owns you. Now get back to work.
https://s-media-cache-ak0.pinimg.com/originals/19/67/de/1967dec50c88ca01ba9e13715e1c6ac9.gif