Clearly that the popular gaming keyboard secretly records key input information and sends it to China

ByKaitlyn Baker

Popular as a gaming keyboard "Mantistek GK 2 104 key mechanical gaming keyboardIt secretly records all the entered information and it is clear that it is sending to the server managed by Alibaba Group.

Built-in Keylogger Found in MantisTek GK 2 Keyboards-Sends Data to China
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html

Mantistek made mechanical keyboardKeyloggerIt seems to be "built in"Online ForumIt became a topic above. About this technology-based news media "Tom's Hardware"Investigated, it is found that Mantistek 's mechanical keyboard is sending confidential information to the Alibaba Group' s server via software called" Cloud Driver "used to collect analysis information.

A more detailed analysis by Tom's Hardware analysis team reveals that Mantistek 's mechanical keyboard hides keyloggers. This keylogger seems to have acquired the number of times each key was pressed and is sending that data to the online server.

One of the users who own Mantistek 's mechanical keyboard has successfully taken a screenshot of how the keylogger collected plain text keystroke information is uploaded to a Chinese server with IP address "47.90.52.88" . Even without malice, getting keystroke information and uploading without user's consent is an act contrary to the user's trust, which increases the possibility of leakage of confidential information and compromises the security of the entire system It isThe Hacker NewsI point out.


The Alibaba Group is providing cloud services like Google and Amazon, so it seems that the collected keystroke information is being sent to users using cloud services. If you open the problem IP address directly in the web browser, you will see a Chinese login page labeled "Cloud Mouse Platform Background Management System", which is a web page operated by Shenzhen Cytec Technology .

The keylogger is sending the collected information to "/ cms / json / putkeyusedata.php" and "/cms/json/putuserevent.php" of the IP address "47.90.52.88".

It is best not to use Mantistek's mechanical keyboard to prevent keystroke information from being stolen. If you want to use it absolutely, make sure that the cloud driver is not running in the background, and in the firewall It is recommended to block the executable file "CMS.exe".