Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Malware Locks Browsers to Steal Google Login

September 11, 2024
Reading Time: 2 mins read
in Alerts

A new malware campaign has emerged, utilizing an unusual and frustrating method to steal user credentials. The malware locks the user’s browser in kiosk mode, a configuration that forces the browser to run in full-screen without the typical interface elements, like address bars or navigation buttons. This technique is specifically designed to lock users onto a Google login page, with no apparent way to close the window. Keyboard shortcuts, such as the “Esc” and “F11” keys, are disabled to prevent users from exiting the full-screen mode, thereby trapping them on the page and encouraging them to input their Google credentials to “unlock” the computer.

The browser remains locked on a URL prompting users to change their Google account password, a process that requires them to reenter their current password. The malware leverages this prompt as a tactic, hoping that users will save their credentials to the browser in an attempt to gain access. Once the credentials are entered and stored in the browser, the StealC information-stealing malware retrieves the saved details, sending them back to the attackers, thereby compromising the user’s Google account and potentially other connected services.

Researchers from OALABS have identified this attack method as part of a wider campaign, which has been observed in the wild since August 2024. This attack is primarily linked to Amadey, a malware loader and reconnaissance tool that has been in circulation since 2018. The Amadey malware deploys an AutoIt script that scans infected machines for available browsers and forces them into kiosk mode to direct the user to a specific Google login URL. This abuse of kiosk mode, typically used in public kiosks to limit user interactions, is now exploited to trick users into entering and saving their Google credentials.

Users who encounter the malicious kiosk mode should remain cautious and avoid entering any sensitive information. Researchers suggest several methods to exit kiosk mode, such as using different keyboard shortcuts, accessing the task manager, or killing the browser through the Windows command prompt. In the worst case, users may need to perform a hard reset, but this may result in losing unsaved work. Once the system is rebooted in Safe Mode, a full antivirus scan is recommended to detect and remove the malware. The appearance of unexpected kiosk mode browser launches should always be treated as suspicious and addressed promptly.

 

Reference:

  • Malware Locks Users in Kiosk Mode to Steal Google Credentials
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsGoogleInfostealersMalwareMalware CampaignSeptember 2024Stealc
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial