A wrong keyboard could represent an entry point for any organization. One of the most popular Keyboards in the gaming industry, 104-key Mantistek GK2 Mechanical Gaming Keyboard seems to include a built-in Keylogger.
Many gamers found that the keyboard, which spends around € 49.66, allegedly involves the component that silently records everything on the user’s keyboard and sends them to the server created by Alababa Group.
Many owners reported their discovery on an online forum to share this issue.
“GK2 owner here. everytime you open the “MANTISTEK Cloud Driver” it sends information to 220.127.116.11 which is tied to Alibaba.com LLC. when you open the page in browser it shows login page with moonrunes that translate to “Cloud mouse platform background management system”. reported an anonymous owner.
Data collected by MantisTek keyboard software sends data collected in the following destinations:
One of the owners has shared the following screenshots which shows that all your plain text keystrokes collected from the keyboard are being uploaded to the Chinese server located in the IP address: 18.104.22.168 At that time, it is not clear if the cloud service is owned by Alibaba or one of its customers paying for the service is used.
Opening the IP address in in the web browser it is displayed a Chinese login page, which translates to “Cloud mouse platform background management system” that is maintained by Shenzhen Cytec Technology Co., Ltd.
According to Tom’s hardware, the MontTeck keyboard uses the ‘cloud driver’ software, the software does not initially send key presses on the server to be thought of, but only the number of times one key is pressed.
How To Stop The Keylogger ?
Tom’s Hardware provided instructions to stop MantisTek keyboards from sending data to the server.
1. The first way to stop the keyboard from sending your key presses to the Alibaba server is to ensure the MantisTek Cloud Driver software isn’t running in the background.
2. The second method to stop the data collection is to block the CMS.exe executable in your firewall. You could do this by adding a new firewall rule for the MantisTek Cloud Driver in the “Windows Defender Firewall With Advanced Security.”
3. If you want a one-click method, you can also download the free GlassWire network monitoring tool. GlassWire will show you all the apps making connections to the internet in the “Alerts” tab and let you block those connections in the “Firewall” tab. It can also be used for other types of connections, such as all the connections Windows 10 makes to Microsoft’s servers even when you have most or all data tracking disabled.
These days, most products are made in China, but usually some other local company acts as an intermediary to ensure that the product is developed to specification and without other “features” that shouldn’t be there. However, this additional protection goes out of the window when people decide to purchase directly from Chinese manufacturers via Chinese marketplaces. Not all products are going to have privacy or security issues, but extra caution is warranted.