
Chinese Keyboard Maker Caught Tracking Typed Keys on Customer’s Computers

Discussion in 'General Malware And Security' started by starbuck, Nov 7, 2017.

    MantisTek includes keylogger in keyboard software


    Chinese mechanical keyboard manufacturer MantisTek has allegedly included keylogging capabilities in the software application offered to customers of its GK2 model.

    Specifically developed to provide more customization options for RGB illumination and macros, the keyboard companion software can also track typed keys on the keyboard and send information to a server that’s being hosted on Alibaba Cloud.

    A component described as “cloud driver” appears to be responsible for recording the keypresses and sending them to IP, with the data then stored in two different locations, namely /cms/json/putkeyusedata.php and /cms/json/putuserevent.php.

    The worst thing is that the data is being transmitted unencrypted, which means that anyone who monitors the traffic of your Internet connection can intercept the logged information and see what you typed on the keyboard.
    Everything that is being typed on a MantisTek keyboard is being collected, including credit card information, personal data, and any other text that users input on websites or in documents.

    Remove the software application

    The weird thing is that trying to connect to the said IP address using a browser seems to point to a Chinese login page that also hosts a link to Browse Happy.
    The Chinese text on the page seems to point to a cloud mouse management system, so it could provide access to data collected by the keylogger.

    At this point, there’s absolutely no official information on the keylogging capabilities of the software tool and MantisTek has obviously remained tight-lipped, but customers who purchased the said keyboard model are recommended to uninstall the companion application as soon as possible to make sure their keypresses aren’t logged and sent to the company.

    Additionally, a firewall that can block the CMS.exe process can also help deal with the keylogger, though in this case users must be sure that all connections to the server are blocked.

    As for those whose information has already been tracked, you'd better keep an eye on your bank accounts and personal details to detect any suspicious activity and report it to law enforcement.
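
The two upload paths named in the article give defenders something concrete to search for in proxy or gateway logs. The Python below is an added example, not part of the original post or of MantisTek's software; the log layout, the client addresses and the destination 203.0.113.10 are constructed placeholders, since the article does not give the server address.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Upload paths named in the article above.
UPLOAD_PATHS = {"/cms/json/putkeyusedata.php", "/cms/json/putuserevent.php"}

# Assumed log layout (not from the article): "<time> <client> <method> <url> <status>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

# Constructed sample lines; 203.0.113.10 is a documentation placeholder,
# not the address from the report.
SAMPLE_LOG = """\
2017-11-07T09:14:02Z 10.0.0.21 POST http://203.0.113.10/cms/json/putkeyusedata.php 200
2017-11-07T09:14:05Z 10.0.0.21 POST http://203.0.113.10/CMS/json/putuserevent.php?v=1 200
2017-11-07T09:15:40Z 10.0.0.34 GET http://example.com/cms/json/index.php 200
2017-11-07T09:16:11Z 10.0.0.34 POST http://203.0.113.10/cms/json/%70utkeyusedata.php 200
2017-11-07T09:17:00Z 10.0.0.50 GET https://example.org/ 200
malformed line
"""

def normalise_path(url):
    """Lower-case and percent-decode the path; drop the query string and duplicate slashes."""
    path = unquote(urlsplit(url).path).lower()
    return re.sub(r"/{2,}", "/", path)

def find_uploads(log_text):
    """Return {client: [(time, dest_host, path, scheme), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        when, client, _method, url, _status = m.groups()
        path = normalise_path(url)
        if path in UPLOAD_PATHS:
            parts = urlsplit(url)
            hits[client].append((when, parts.hostname, path, parts.scheme))
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_uploads(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} request(s) to {sorted({e[1] for e in events})}")
        for when, host, path, scheme in events:
            print(f"  {when} {scheme}://{host}{path}")
```

Any client that shows up in the result still has the companion application running and reaching the server, which is also a way to confirm that a firewall rule for CMS.exe is actually blocking every connection.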

