Many users have begun to complain that the MantisTek GK2 mechanical keyboard comes with software that acts as a keylogger, sending keystroke information to a server hosted on Alibaba. Fortunately, stopping this keylogger is very simple, but the case should serve as a warning to everyone.
When we buy a cheap peripheral, we know what we are exposing ourselves to. We know that the quality is certainly not going to be as high as that of peripherals from the most reputable brands. We also know that its durability will not be the same. This is something we accept and are aware of.
What is not acceptable is that the peripheral we have purchased also installs a keylogger on our computer, which is what seems to have happened with the MantisTek GK2 mechanical keyboard. It belongs to the category of cheap Chinese mechanical keyboards (less than 50 € on Banggood). That is not bad in itself, since I've tried several of these and found them surprisingly effective in use. No, the problem lies in the configuration software that has to be installed on the system, which is where the keylogger in question actually lives.
Cloud Driver software sends information to Alibaba servers
It is the Cloud Driver software included with the MantisTek GK2 that, through the CMS.exe process, sends all the keystroke data to an Alibaba server. It's not that Alibaba is behind all this. Rather, someone who rents a server from Alibaba is receiving all this data.
At this point, we all know how dangerous keyloggers can be, since they record every keystroke made on the keyboard. That includes email addresses, your own emails, bank passwords, etc. In other words, they are a huge security hole for our computer, because who knows what is being done with the data or who is receiving the reports from this keylogger.
Right now, the first thing those of you who own this keyboard should do is uninstall the Cloud Driver software. However, you can also block the CMS.exe process in your firewall. This will completely cut off communication with the server to which the data is being sent.
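One way to apply the firewall block on Windows, as an added example that is not part of the original article: it lists where the running CMS.exe is currently connected, then creates an outbound block rule in Windows Defender Firewall for that executable. It assumes an elevated PowerShell prompt and that the Cloud Driver is running so its path can be read from the process; the rule name is made up for this example.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# 'CMS' is the process name from the article (CMS.exe).
# The rule name below is a label chosen for this example.
$ruleBase = 'Block MantisTek Cloud Driver'

$procs = Get-Process -Name 'CMS' -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning 'CMS.exe is not running; start the Cloud Driver once so its path can be resolved.'
}
else {
    # 1. Record the remote endpoints the process is talking to before blocking it.
    foreach ($p in $procs) {
        Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
            Where-Object { $_.State -eq 'Established' } |
            Select-Object @{ n = 'PID'; e = { $p.Id } }, RemoteAddress, RemotePort, State
    }

    # 2. Resolve the executable path from the live process instead of guessing it.
    $paths = $procs | Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique

    foreach ($path in $paths) {
        $ruleName = "$ruleBase [$path]"

        # Do not create a duplicate if the script is run twice.
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName `
                -Direction Outbound -Program $path `
                -Action Block -Profile Any | Out-Null
        }

        # 3. Confirm the rule exists, is enabled, and points at the right binary.
        Get-NetFirewallRule -DisplayName $ruleName |
            Select-Object DisplayName, Enabled, Direction, Action
        Get-NetFirewallRule -DisplayName $ruleName |
            Get-NetFirewallApplicationFilter |
            Select-Object Program
    }
}
```

The rule is tied to the executable's path, so it has to be recreated if the software is reinstalled to a different location.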