MantisTek includes keylogger in keyboard software

Nov 7, 2017 12:10 GMT

Chinese mechanical keyboard manufacturer MantisTek has allegedly included keylogging capabilities in the software application offered to customers of its GK2 model.

Specifically developed to provide more customization options for RGB illumination and macros, the keyboard companion software can also track typed keys on the keyboard and send information to a server that’s being hosted on Alibaba Cloud.

A component described as “cloud driver” appears to be responsible for recording the keypresses and sending them to IP 47.90.52.88, with the data then stored in two different locations, namely /cms/json/putkeyusedata.php and /cms/json/putuserevent.php.

The worst thing is that the data is being transmitted unencrypted, which means that anyone who monitors the traffic of your Internet connection can intercept the logged information and see what you typed on the keyboard. Everything that is being typed on a MantisTek keyboard is being collected, including credit card information, personal data, and any other text that users input on websites or in documents.

Remove the software application

Oddly, connecting to that IP address in a browser seems to lead to a Chinese login page that also hosts a link to Browse Happy. The Chinese text on the page seems to point to a cloud mouse management system, so it could provide access to data collected by the keylogger.

At this point, there’s no official information on the keylogging capabilities of the software tool, and MantisTek has remained tight-lipped, but customers who purchased this keyboard model are advised to uninstall the companion application as soon as possible to make sure their keypresses aren’t logged and sent to the company.

Additionally, a firewall that can block the CMS.exe process can also help deal with the keylogger, though in this case users must be sure that all connections to the server are blocked.
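To check that no machine still reaches the server after a block is in place, proxy or gateway logs can be searched for the IP address and the two upload paths named above. The following Python script is an added example, not part of the original article; the log format, the sample lines, and the reading of HTTP status 403 as "blocked by the proxy" are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the article.
SERVER_IP = "47.90.52.88"
UPLOAD_PATHS = {"/cms/json/putkeyusedata.php", "/cms/json/putuserevent.php"}

# Constructed sample log (assumed format: time client method url status).
SAMPLE_LOG = """\
2017-11-07T09:14:02Z 10.0.0.21 POST http://47.90.52.88/cms/json/putkeyusedata.php 200
2017-11-07T09:14:05Z 10.0.0.21 POST http://47.90.52.88/cms/json/putuserevent.php 200
2017-11-07T09:15:40Z 10.0.0.35 GET http://example.com/index.html 200
2017-11-07T09:16:11Z 10.0.0.35 POST http://47.90.52.88/CMS/json/PutKeyUseData.php?x=1 403
2017-11-07T09:17:00Z 10.0.0.40 GET http://47.90.52.88/ 200
malformed line
"""

def classify(url):
    """Return 'upload', 'server' or None for one requested URL."""
    parts = urlsplit(url)
    # Match the upload paths on any host, in case the server address changes.
    if parts.path.lower() in UPLOAD_PATHS:
        return "upload"
    return "server" if parts.hostname == SERVER_IP else None

def scan(log_text):
    """Group hits by client; skip lines that do not fit the assumed format."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        when, client, _method, url, status = fields
        kind = classify(url)
        if kind:
            # Assumption: the proxy answers 403 when it blocks a request.
            hits[client].append((when, kind, status == "403"))
    return dict(hits)

def unblocked_clients(hits):
    """Clients with at least one matching request that was not blocked."""
    return sorted(c for c, rows in hits.items() if any(not b for _, _, b in rows))

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for client, rows in sorted(found.items()):
        for when, kind, blocked in rows:
            print(client, when, kind, "blocked" if blocked else "ALLOWED")
    print("still reaching server:", unblocked_clients(found))
```

Any client listed as still reaching the server either has the companion software running without an effective firewall rule or has a rule that covers only part of the traffic.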

As for those whose information has already been tracked, you had better keep an eye on your bank accounts and personal details to detect any suspicious activity and report it to law enforcement.