The Mantistek GK2 104 keyboard has been found to have keylogging capabilities: its Cloud Driver secretly transmits users’ keystroke logs to an Alibaba server based in China.

The MantisTek GK2 is a budget mechanical keyboard from China that costs half as much as the mechanical models from popular manufacturers.  Because of their low cost, several devices that originate from China appear to have either poor security or privacy issues caused by gathering user information without customers’ explicit consent.

The Alibaba Group, for its part, is a Chinese e-commerce company that provides consumer-to-consumer, business-to-consumer and business-to-business sales services via web portals.  It also provides electronic payment services, a shopping search engine and data-centric cloud computing services.

The primary issue appears to be caused by the device’s “Cloud Driver,” which is included in the keyboard’s software package and sends data to an IP address attached to Alibaba servers.  Alibaba offers cloud computing services, which means that the information is not actually being sent to Alibaba, but to another person or company using an Alibaba server.

Plain-text keystrokes collected by the keyboard are being uploaded to a Chinese server located at IP address:

The information being sent has been identified as key presses.  This should concern anyone who purchased this device, since key presses include large amounts of usable information such as email addresses, logins, and even passwords that users typed at some point.

The first way to prevent the keyboard from sending your key presses to the Alibaba server is to make sure that the MantisTek Cloud Driver program does not run automatically.

The second way to stop the data collection is to block the CMS.exe executable in the firewall.  This can be done by adding a new firewall rule for the MantisTek Cloud Driver in “Windows Defender/Microsoft Security Essentials/Firewall with Advanced Security.”
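Both steps above can be scripted from an elevated PowerShell prompt. The following is an added example, not part of the original article or the vendor's software; the article does not give the install path, so the `-CmsPath` parameter and the rule names are assumptions made for illustration.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Assumption: the install path of CMS.exe is not given in the article, so it is
# taken from a running instance or passed in explicitly via -CmsPath.
param(
    [string]$CmsPath   # hypothetical parameter: full path to the Cloud Driver's CMS.exe
)

$ErrorActionPreference = 'Stop'
$exeName = 'CMS.exe'

# 1. Resolve the executable path from a running instance if none was supplied.
#    CMS.exe is a generic name: confirm the path belongs to the MantisTek install.
if (-not $CmsPath) {
    $proc = Get-CimInstance Win32_Process -Filter "Name = '$exeName'" |
        Select-Object -First 1
    if ($proc) { $CmsPath = $proc.ExecutablePath }
}
if (-not $CmsPath -or -not (Test-Path -LiteralPath $CmsPath)) {
    throw "Could not locate $exeName; re-run with -CmsPath <full path>."
}
Write-Host "Cloud Driver binary: $CmsPath"

# 2. List autostart entries (Run keys, Startup folders) that launch it, so they
#    can be disabled. Scheduled tasks and services are not covered by this class.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$exeName*" } |
    Select-Object Name, Location, Command, User |
    Format-List

# 3. Stop any instance that is currently running.
Get-Process -Name 'CMS' -ErrorAction SilentlyContinue | Stop-Process -Force

# 4. Block the binary in Windows Firewall in both directions (idempotent).
foreach ($dir in 'Outbound', 'Inbound') {
    $ruleName = "Block MantisTek Cloud Driver ($dir)"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction $dir `
            -Program $CmsPath -Action Block -Profile Any | Out-Null
    }
}

# 5. Verify that the rules exist, are enabled, and point at the expected program.
Get-NetFirewallRule -DisplayName 'Block MantisTek Cloud Driver*' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```

A program-path rule stops matching if the driver is reinstalled or updated to a different location, so re-run the verification step after any change to the keyboard software.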

Chinese products are undoubtedly inexpensive, yet they lack significant security features.  Most users tend to look at the visible, short-term savings without taking into consideration the threats posed by using the devices.  Considering that the Mantistek GK2 104 keyboard has keylogging capabilities, users are advised to refrain from using it and other products manufactured by Mantistek until the issue has been clarified by the company.

For those who have used the device for a considerable amount of time, the information collected from them could be used anywhere.  Affected users should change sensitive information such as passwords as soon as possible.  Additionally, other account information such as financial accounts should be reported to the concerned authorities for proper action.



Manny Cuevas

My name is Manny Cuevas, a Security Researcher / Engineer for about 15 years who focuses on Web and Mobile applications and other platforms, from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top-ranked hacker in the world who bypasses all security systems.