The 104-key Mantistek GK2 Mechanical Gaming Keyboard that costs around €49.66 has allegedly been caught silently recording everything you type on your keyboard and sending them to a server maintained by the Alibaba Group.
This built-in keylogger in the Mantistek GK2 Mechanical Gaming Keyboard was noticed by a few owners who headed to an online forum to share this issue.
According to Tom’s Hardware, MantisTek keyboards utilise ‘Cloud Driver’ to do the actual data transmission to servers located in China.
The keystrokes captured appear to relate to how often a key is pressed and how long the key lasts overall. In simple terms, Mantistek appears to be monitoring the longevity of their product. But people aren’t happy about this, nor should they be. This method of data collection was not clearly disclosed nor was there a clear function to disable it.
The IP in question is controlled by the Alibaba group, but as they sell cloud services in the Asian market similar to that of Amazon AWS, they may have had no knowledge this was happening. The affected users also provided a screenshot showing how all your plain-text keystrokes collected by the keyboard are being uploaded to a Chinese server located at IP address: 126.96.36.199.
If you have one of these keyboards and can’t replace it immediately, it’s strongly advised that you block the Cloud Driver application (CMS.exe) within your OS startup controls to prevent it from loading at boot. It’s also a good idea to block the app and the IP above via your firewall.