A new malware is using the browser’s Kiosk mode to trick users into giving up their Google credentials. Dubbed StealC, the malware puts the browser in Kiosk mode, often used in public places like libraries, and locks the user onto a fake Google login page. Once the browser is in this mode, the user can’t exit by pressing the standard keys ESC or F11, so they might feel forced to enter their credentials to get out of the browser.
The goal of the malware is to get the user’s Google login credentials. After entering the username, the user is redirected to a page that asks for both current and new passwords under the guise of a password reset process, so the attackers can get both sets of credentials. This multi-stage attack increases the chances of success as the user might unknowingly compromise not just their login details but also their recovery information.
The malware is installed through “Amadey”, a downloader that has been around since 2018 and was used in other attacks. Amadey delivers StealC which then hijacks the browser.
Bruce Schneier, a well-known security expert, said: “This is like all the other attacks that use user frustration to extract sensitive information. Blocking the essential keyboard functions like ‘ESC’ and ‘F11’ increases the chances that users will unknowingly give up their credentials.”
The attack highlights the risks of public and shared computers where Kiosk mode is often enabled to limit user activity. Libraries, internet cafes and other public access points are especially vulnerable. Users should be extra careful when using shared devices and avoid entering sensitive credentials on unknown or suspicious login screens.
If you are stuck in Kiosk mode by this malware, here are some workarounds to get out. On Windows, you can press “Ctrl + Shift + Esc” to open Task Manager and end the browser process from there. Alternatively, press “Win + R” to open the Run dialog, start a command prompt from it and manually kill the browser process. Mac users can force quit the browser with “Cmd + Alt + Esc”.
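On a managed fleet you would rather catch the kiosk-mode hijack in process telemetry than rely on users finding the escape keys. The following is an added example, not code from the original article or from any vendor: it scores constructed Sysmon-style process-creation records, treating a browser launched with the kiosk switch (assumed here to be the `--kiosk` / `-kiosk` command-line flag that Chromium-based browsers and Firefox use; the article does not say how StealC enters kiosk mode) as suspicious when the parent is not the user’s shell. The log format, paths and URLs are constructed for the demo.

```python
"""Flag browser processes started in kiosk mode by a non-interactive parent."""
import re
from dataclasses import dataclass

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# Parents from which a user would ordinarily start a browser themselves.
USER_LAUNCHERS = {"explorer.exe", "userinit.exe"}
# Assumption: kiosk mode is requested via --kiosk (Chromium) or -kiosk (Firefox).
KIOSK_FLAG = re.compile(r"(?:^|\s)--?kiosk\b", re.IGNORECASE)


@dataclass
class ProcEvent:
    image: str
    command_line: str
    parent_image: str


def parse_event(line: str) -> ProcEvent:
    """Parse the constructed 'Image=..|CommandLine=..|ParentImage=..' record."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcEvent(fields["Image"], fields["CommandLine"], fields["ParentImage"])


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def kiosk_verdict(ev: ProcEvent) -> str:
    """Return 'benign', 'review' or 'alert' for one process-creation event."""
    if basename(ev.image) not in BROWSERS or not KIOSK_FLAG.search(ev.command_line):
        return "benign"  # not a browser, or not in kiosk mode
    if basename(ev.parent_image) in USER_LAUNCHERS:
        return "review"  # a user may have started kiosk mode on purpose
    return "alert"       # kiosk browser spawned by some other program


# Constructed sample telemetry: line 2 mimics a dropper launching the lure page.
SAMPLE_LOG = """\
Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|CommandLine="chrome.exe" https://example.com|ParentImage=C:\\Windows\\explorer.exe
Image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|CommandLine="chrome.exe" --kiosk http://login.example|ParentImage=C:\\Users\\u\\AppData\\Local\\Temp\\dropper.exe
Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|CommandLine="firefox.exe" -kiosk https://intranet.example|ParentImage=C:\\Windows\\explorer.exe
Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe --kiosk|ParentImage=C:\\Windows\\explorer.exe
"""


def scan(log: str) -> list[tuple[str, str]]:
    """Return (verdict, image basename) for every event that is not benign."""
    hits = []
    for line in filter(str.strip, log.splitlines()):
        ev = parse_event(line)
        verdict = kiosk_verdict(ev)
        if verdict != "benign":
            hits.append((verdict, basename(ev.image)))
    return hits


if __name__ == "__main__":
    for verdict, image in scan(SAMPLE_LOG):
        print(f"{verdict:6} {image}")
```

Running it prints one alert for the Chrome instance spawned from the temp-folder dropper and a review entry for the Firefox kiosk session started from Explorer.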
Experts recommend keeping browsers and antivirus software up to date to mitigate the risks of such malware. Using 2FA for Google accounts also adds an extra layer of protection even if credentials are compromised.
Phishing and credential stealing never go away. Be aware and know the signs.