Lenovo AIScreenshot: Alt+S opens an RGB/POS color picker

[heilong]

ThinkPad W530, Windows 10. For the first time in my life getting this: Pressing Alt+S opens a small window which follows the mouse cursor, and shows a zoomed-in version of what's under it, with the RGB values and the POS(ition) of the pixel under the crosshairs. Pressing Esc closes the window.

Using Spy++, I tracked down the process that handles this hotkey, which is: C:\Program Files\Lenovo\AIScreenshotAddin\AIScreenshot.exe

It looks like Lenovo Vantage just installed it (silently), as the directory creation date is today, ‎16 ‎August ‎2022, ‏‎06:03:42

I haven't been able to find any information on this software, how to uninstall it or disable/reenable it (if desired).

[heilong]

On my W530, the AIScreenshot disappeared as mysteriously as it appeared.
Probably someone at Lenovo realized how big mess-up they did.

In my Lenovo Vantage auto update settings I only enabled critical updates.
It looks like Lenovo Vantage has the capability to silently auto install any software they want under disguise of a critical update, e.g. a driver update.
According to one comment in this Reddit thread, this AIScreenshot update was listed in Windows Update History, Drivers Update. Although I can't find it there now. It's quite likely that Lenovo Vantage rolled back the update and cleaned up that record from the update history.

I found another mention of this topic here (in Chinese).

I wish I made a backup of this AIScreenshot, so that it can be checked for some nefarious activity. But even if that software didn't do anything suspicious, this incident makes me quite worrying. It's quite evident Lenovo Vantage is capable of sneaking in any kind of malware/spyware as a "critical driver update". And, considering Lenovo is a Chinese company, I wouldn't be surprised if it's already doing it.