Michael Myng, more commonly known as ZwClose, was approached by a friend to look into the possibility of controlling the keyboard's backlighting on his HP laptop. Michael was down for the challenge, and his friend sent the Synaptics SynTP.sys file over to him. After analyzing the keyboard driver, he found the sleeping keylogger. The logging function is disabled by default. However, intruders can enable it easily by modifying the registry value through malicious code. Michael reported the issue to HP, and the company released a list of the affected laptop models along with a security patch. The list contains over 400 models from HP's most popular product lines like the EliteBook, ProBook, ZBook, Spectre Pro, ENVY, Pavilion, OMEN - just mention a few. Now that the vulnerability is public, we urge HP laptop owners to install the security patch ASAP. The fix is also available on Windows Update if that's your preferred method.

The MantisTek GK2 is a popular 104-key mechanical keyboard that costs around $49.99. It has all the bells and whistles that you would expect from a keyboard aimed at gamers. It even comes with a keylogger, free of charge. Our colleagues from Tom's Hardware reported a rather disturbing story around this particular model. With the amount of stuff you can do on gaming keyboards nowadays, the majority comes with some kind of software for user customization. The MantisTek GK2 is no different. However, there have been multiple reports from owners claiming that the keyboard's software is actually a front to steal your valuable information.

Apparently, the keyboard's "Cloud Driver" is the culprit responsible for sending user information to a pair of IP addresses linked to Alibaba servers. Nevertheless, that doesn't mean Alibaba is stealing your data. Since the company also sells cloud services, it's quite possible that someone is using Alibaba servers to pull off the heist. After analyzing the software's online activity, users have discovered that the data being sent also included key presses. If you're one of the unlucky owners, it's recommended that you uninstall the software entirely. Make sure you block the CMS.exe executable and MantisTek Cloud Driver with your firewall as well.