Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China

Discussion in 'Off Topic' started by Dr. AMK, Nov 7, 2017.

  1. Dr. AMK

    Dr. AMK Notebook Evangelist

    Reputations:
    470
    Messages:
    494
    Likes Received:
    945
    Trophy Points:
    106
    Built-in Keylogger Found in MantisTek GK2 Keyboards—Sends Data to China
    [​IMG]
    "The right keyboard can make all the difference between a victory and a defeat in a video game battlefield."

    If you are a gamer, you can relate to the above quote.

    But what if your winning weapon betrays you?

    The popular 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.


    This built-in keylogger in Mantistek GK2 Mechanical Gaming Keyboard was noticed by a few owners who headed on to an online forum to share this issue.

    According to Tom's Hardware, MantisTek keyboards utilise 'Cloud Driver' software, maybe for collecting analytic information, but has been caught sending sensitive information to servers tied to Alibaba.

    The affected users also provided a screenshot showing how all your plain-text keystrokes collected by the keyboard are being uploaded to a Chinese server located at IP address: 47.90.52.88.

    [​IMG]

    However, since like Amazon and Google, Alibaba Group also sells cloud services, this collected information is not necessarily being sent to the Alibaba itself, but someone who is using the company's service.

    Opening the IP address in question directly into a web browser and on a Chinese login page, which translates to "Cloud mouse platform background management system" and is maintained by Shenzhen Cytec Technology Co., Ltd.


    Reportedly, the MantisTek keyboard's software sends the collected data to two destinations at that IP address:
    • /cms/json/putkeyusedata.php
    • /cms/json/putuserevent.php
    The best way to prevent your keyboard from sending your keystrokes to the Alibaba server is to stop using your Mantistek GK2 Mechanical Gaming Keyboard until you hear back from the company about this issue.

    If you cannot prevent yourself from using the keyboard, but want to stop it from sending your key presses to the Alibaba server, just make sure the MantisTek Cloud Driver software is not running in the background, and block the CMS.exe executable in your firewall.

    To block the CMS.exe executable, add a new firewall rule for the MantisTek Cloud Driver in the "Windows Defender Firewall With Advanced Security."
     
  2. HTWingNut

    HTWingNut Moo

    Reputations:
    21,549
    Messages:
    35,309
    Likes Received:
    9,539
    Trophy Points:
    931
    What the hell?
     
    Dr. AMK likes this.
  3. Tanner@XoticPC

    Tanner@XoticPC Company Representative

    Reputations:
    342
    Messages:
    2,644
    Likes Received:
    2,787
    Trophy Points:
    181
    When the first time I've even heard of a product is that it spies on you...
     
    Fishon, Jarhead and Dr. AMK like this.
Loading...

Share This Page