Mantistek GK2 Gaming Keyboard Had Keylogger Sending Data To China
A popular mechanical keyboard used by gamers was discovered to contain a keylogger that recorded information typed by users and sent that data to a server located in China.
The Mantistek GK2 Mechanical Gaming Keyboard, a popular and budget-friendly keyboard for gamers that retails for under $60, was discovered to contain a piece of software that silently log typed information and sent it to a server maintained by the Alibaba Group.
A number of owners started to report the potential of a keylogger being present in the device in an online forum, when an anonymous user pointed out that a process called MANTISTEK Cloud Driver was sending information to a server located at the IP address 47.90.52.88.
When that address is visited, it displays a login page with text that roughly translates to “Cloud mouse platform background management system,” according to Google Translate. Additional text on the site says that it is copyrighted by Shenzhen Cytec Technology Co., Ltd.
Further examination of operations related to the keyboard revealed the Mantistek product collected data and sent it to two locations, “/cms/json/putkeyusedata.php” and “/cms/json/putuserevent.php.”
The owner of the keyboard who the thread posted a screenshot revealing software for the Mantistek product recording a user’s keystrokes in plaintext and uploading that information to the same server. It isn’t clear if the server is owned directly by Alibaba or used by one of its customers who pay for the server space.
Others have suggested the Cloud Driver software for the keyboard isn’t directly recording keystrokes but rather the number of times an individual key is pressed. Tom’s Hardware reported as much, though having that information collected may still be too invasive for some users.
How To Stop MatisTek From Recording Keystrokes
For owners of the Mantistek GK2 Mechanical Gaming Keyboard who would rather keep their keystrokes—be it everything they type or just the numbers of times certain keys are hit—private, there are several options to block its software from sharing or recording information.
The first way to keep information from being recorded by the keyboard’s Mantistek Cloud Driver software and having that data sent to a foreign server is to block the executable file related to the keyboard from operating.
This can be done by using the Windows Defender Firewall. Find the Windows Defender Firewall by searching for it in the Start menu or find the Windows Defender Security Center option. Open the Action menu and click on “New Rule…”
Once clicked, the New Rule Wizard will appear and provide the option for what you want to set the rule for. Choose Program to create a rule that will control the connection for the Mantistek Cloud Driver. Find the CMS.exe executable and set the rule to block its connection.
© Copyright IBTimes 2024. All rights reserved.