Javier Conejo del Cerro

Google Chrome: password stealer’s home





A new malware attack is using a clever and frustrating trick to steal Google account information. This campaign locks users in their browser’s kiosk mode, trapping them on a fake Google login page. The goal? To annoy victims into entering their Google credentials, which are then stolen by the malware.


Browser session full of frustration: how it works


The malware takes control of the browser and forces it into kiosk mode. Kiosk mode is typically used to limit user actions, such as on public computers or demo displays, by removing navigation tools and locking the browser in full-screen. In this attack, it’s abused to prevent you from closing the browser or leaving the Google login page.


To make matters worse, the malware disables the Escape and F11 keys, which are normally used to exit fullscreen mode. This leaves the victim stuck on a Google login page with no way out, other than entering their credentials.


The culprit malware behind it


This attack is linked to Amadey, a known malware that has been around since 2018. When it infects a computer, it runs a script that forces the browser—usually Chrome or Edge—into kiosk mode, showing a specific Google login page.


The page the user sees looks legitimate because it’s the real Google password reset page (https://accounts.google.com/ServiceLogin). It prompts you to re-enter your password. The hope is that the user will enter and save their Google login credentials in the browser to "unlock" the computer.


Once the credentials are entered and saved, a second piece of malware, called StealC, steps in. StealC, active since 2023, is designed to steal saved browser information. It grabs the stored credentials and sends them to the attacker, giving them full access to your Google account.


Thwarting the password heist: what to do to exit the kiosk mode


If you find yourself stuck in this kiosk mode, DON’T enter any of your personal information. Instead, try these shortcuts to escape the browser:


- “Alt + F4”: This can close the current window.

- “Ctrl + Shift + Esc”: Opens Task Manager, where you can manually end the browser process.

- “Ctrl + Alt + Delete”: Opens options to log off or shut down.

- “Alt + Tab”: Lets you switch between open programs, which might help escape the kiosk mode.


If none of these work, you can try launching the command prompt by pressing “Win Key + R”, typing `cmd`, and using the command `taskkill /IM chrome.exe /F` to close the browser.


As a last resort, perform a hard reset by holding down the power button until your computer shuts off. This isn’t ideal and you may lose any unsaved work, but it’s better than having your Google account hacked.


Once you regain control, restart your computer in Safe Mode and run a full antivirus scan to remove the malware. Spontaneous kiosk mode browser launches are not normal, so if it happens, it's a sign your system may be infected.
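For defenders who collect process-creation logs, the browser launch described above can be spotted from its command line. The following is an added example, not code from the original article: it assumes the browser is started with Chromium's `--kiosk` switch and that events arrive as dicts with hypothetical `pid`, `image`, `parent_image` and `command_line` fields; the sample events are constructed.

```python
import ntpath
import shlex
from urllib.parse import urlsplit

BROWSERS = {"chrome.exe", "msedge.exe"}  # the two browsers the article names
LOGIN_HOSTS = {"accounts.google.com"}    # host of the login page the article cites

def is_kiosk_login(event):
    """True when a browser is started in kiosk mode directly on a login page."""
    if ntpath.basename(event["image"]).lower() not in BROWSERS:
        return False
    # posix=False leaves Windows backslashes alone; it keeps quotes, so strip them.
    args = [a.strip('"') for a in shlex.split(event["command_line"], posix=False)]
    kiosk = any(a.lower() == "--kiosk" for a in args)
    login = any(urlsplit(a).hostname in LOGIN_HOSTS for a in args if "://" in a)
    return kiosk and login

def triage(events):
    """Return (pid, parent_image) for every hit so the launcher can be investigated."""
    return [(e["pid"], e["parent_image"]) for e in events if is_kiosk_login(e)]

# Constructed sample events (not taken from a real incident).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": CHROME,
     "parent_image": r"C:\Users\user\AppData\Local\Temp\launcher.exe",  # hypothetical
     "command_line": f'"{CHROME}" --kiosk https://accounts.google.com/ServiceLogin'},
    {"pid": 4388, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" https://accounts.google.com/ServiceLogin'},
    {"pid": 5012, "image": EDGE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{EDGE}" --kiosk https://intranet.example/dashboard'},
    {"pid": 5570, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe --kiosk https://accounts.google.com/ServiceLogin"},
]

if __name__ == "__main__":
    for pid, parent in triage(SAMPLE_EVENTS):
        print(f"kiosk-mode login page: pid={pid} launched by {parent}")
```

Only the first sample event is reported; the parent process it returns is the starting point for finding the script that launched the browser.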


In today’s digital world, cybercriminals are using more sophisticated tricks to steal personal information. Stay cautious and be alert for unusual browser behavior. If something feels off—like being stuck on a login page—it’s better to stop and troubleshoot than to rush into entering your details. Your online security is worth taking the extra time!


