Many users online noticed, in reports picked up by Tom’s Hardware, that the hidden keylogger in the Mantistek GK2 Mechanical Gaming Keyboard was sending off their data and that it was reaching Chinese e-commerce giant Alibaba. Alibaba provides a server hosting service, so it’s possible that the private data is making its way to someone who is renting that service.
According to Tom’s Hardware:
“The main issue seems to be caused by the keyboard’s “Cloud Driver,” which sends information to IP addresses tied to Alibaba servers. Alibaba sells cloud services, so the data isn’t necessarily being sent to Alibaba, the company, but to someone else using an Alibaba server.”
After a closer look, the Tom’s Hardware team found that the Mantistek keyboard does not contain a full-fledged keylogger. Instead, it logs how many times a key has been pressed by the user and sends this information back to online servers. There seems to be no malicious purpose, but logging and sending keystroke counts without users’ approval breaks trust and puts systems’ security at risk by leaking sensitive data.
Users can stop the keylogger by making sure that the MantisTek Cloud Driver software isn’t running in the background. They can also block the CMS.exe executable in the firewall.
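
One way to carry out both steps on Windows, as an added example that is not from Tom’s Hardware or MantisTek. It assumes the Cloud Driver runs as a process named `CMS` (from the CMS.exe name above); the install path is not given in the article, so the script resolves it from the running process or takes it from the `$ExePath` placeholder, and the rule name is chosen here.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Assumption: the Cloud Driver process is named 'CMS' (CMS.exe in the article).
$ProcName = 'CMS'
$ExePath  = $null   # placeholder: set to the full path of CMS.exe if it is not running
$RuleName = 'Block MantisTek Cloud Driver (CMS.exe) outbound'   # name chosen for this example

$procs = @(Get-Process -Name $ProcName -ErrorAction SilentlyContinue)

foreach ($p in $procs) {
    # Take the executable path from the live process when none was supplied.
    if (-not $ExePath -and $p.Path) { $ExePath = $p.Path }

    # Record the remote endpoints the process is connected to right now.
    Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
        Where-Object { $_.State -eq 'Established' } |
        Select-Object RemoteAddress, RemotePort, State |
        Format-Table -AutoSize
}

if (-not $ExePath) {
    Write-Warning 'CMS.exe is not running and no path was supplied; set $ExePath and re-run.'
    return
}

# 'CMS' is a generic name, so show the file's metadata before blocking it.
(Get-Item $ExePath).VersionInfo |
    Select-Object FileName, CompanyName, ProductName, FileDescription |
    Format-List

# Create the outbound block rule once; it persists across reboots.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound `
        -Program $ExePath -Action Block -Profile Any | Out-Null
}

# Stop any running instance; the firewall rule still applies if it starts again.
$procs | Stop-Process -Force

# Confirm the rule is present and enabled.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action
```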