Keyloggers Discovered In MantisTek GK2 Gaming Keyboard - CyberNews404

CyberNews404 is an online technology portal that provides information about the world of cyber news, cyber technology, tech news, tips & trik, tutorial etc. compelling content that educates the public and also provides unique entertainment.

Post Top Ad

Keyloggers Discovered In MantisTek GK2 Gaming Keyboard

Keyloggers Discovered In MantisTek GK2 Gaming Keyboard

Share This
Mantistek GK2 Mechanical Gaming Keyboard is a popular keyboard that costs around € 49.66

CyberNews404 - Mantistek GK2 Mechanical Gaming Keyboard is a popular keyboard that costs around € 49.66 is suspected to have been caught secretly recording everything you type on the keyboard and sending it to a server managed by Alibaba Group.

Keylogger at Mantistek GK2 Mechanical Gaming This keyboard is notified by some owners who are heading to online forums to share this issue.

According to Tom's Hardware, the MantisTek keyboard uses the 'Cloud Driver' software, allows for the collection of analytic information, but manages to capture sensitive information and sends it to Alibaba-related servers.

After a closer analysis, Tom's Hardware team found that the Mantistek keyboard did not include a full keylogger. Instead, it captures the number of times the button is pressed and sends this data back to the online server.

Affected users also provide screenshots that show how all the usual text button presses collected by the keyboard are being uploaded to a Chinese server located at the IP address: 47.90.52.88.


However, even if there is no malicious intent, capturing and uploading a keystroke count without user permission violates trust and compromises system security by leaking sensitive information.

Because Alibaba Group also sells cloud services like Google and Amazon, the information collected is not necessarily sent to Alibaba itself, but to someone using its cloud services.

When opening the intended IP address in the web browser and displaying the login page in Chinese, it translates to "Cloud mouse platform background management system" and is managed by Shenzhen Cytec Technology Co., Ltd.

Reportedly, MantisTek keyboard software sends the collected data to two destinations in the IP address:


  • /cms/json/putkeyusedata.php
  • /cms/json/putuserevent.php

The best way to prevent your keyboard from sending keystrokes to Alibaba servers is to stop using Mantistek GK2 Mechanical Gaming Keyboard until you hear back from the company about this issue.

If you can not prevent yourself from using the keyboard, but want to stop sending your keystrokes to the Alibaba server, make sure MantisTek Cloud Driver software is not running in the background, and block CMS.exe in the firewall.

To block CMS.exe, add a new firewall rule for MantisTek Cloud Driver in "Windows Defender Firewall With Advanced Security."



No comments:

Post a Comment

Post Bottom Ad