From the host machine it's undetectable - it looks like a real KB/mouse because it is a real KB-mouse, no different from an actual real one with a robot arm moving it and pressing keys.
While those guys are weeding out the poor remote workers limited to off-the-shelf KVM devices that are just trying to enjoy their miserable bullshit job a bit more, actual attackers with more resources (including the DPRK they fear so much) are busy pwning them.