OALABS researchers have discovered malware that abuses an unexpected locking method: browser kiosk mode. This mode, generally used to limit user interaction on public-facing or demonstration computers, is misused here for malicious purposes. The malware traps users on the Google login page and makes it impossible to close the browser by the usual means, such as the “Esc” or “F11” keys.
An attack through kiosk mode
Victims, frustrated by their inability to exit the window, are encouraged to enter their Google credentials to (allegedly) unlock their computer. Once the information is entered, the StealC malware springs into action, steals the data stored in the browser and sends it to the attacker. This stratagem, active since at least August, relies on Amadey, malware known since 2018 for information collection and system reconnaissance.
Amadey, once launched, uses a script that scans the infected computer for installed browsers. It then opens them in kiosk mode, a full-screen setup with no address bar or navigation buttons, on a page specifically geared toward resetting the Google password. This display mode restricts the user’s possible actions to entering their account credentials.
The offending link takes the victim to a Google password change page. As required by the search engine, users must re-enter their password before they can change it, giving hackers a golden opportunity to steal this crucial information.
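A detection sketch for the kiosk-mode launch described above, added here as an example and not taken from OALABS or from the malware: it scans process-creation records for a browser started with a kiosk switch and raises the severity when the target is a Google account page. The record layout, the browser list, the `--kiosk`/`-kiosk` switch names and the `accounts.google.com` host are assumptions, and the sample records are constructed.

```python
import ntpath
import shlex
from urllib.parse import urlsplit

# Assumptions: browser names to watch, and Google's account host as the lure.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
KIOSK_FLAGS = {"--kiosk", "-kiosk"}
WATCHED_HOSTS = {"accounts.google.com"}

# Constructed process-creation records: image | parent image | command line.
SAMPLE_EVENTS = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Users\demo\AppData\Local\Temp\sample.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk "https://accounts.google.com/example-path"
C:\Program Files\Google\Chrome\Application\chrome.exe|C:\Windows\explorer.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|C:\Windows\explorer.exe|msedge.exe --kiosk https://signage.example.internal/lobby
C:\Windows\System32\notepad.exe|C:\Windows\explorer.exe|notepad.exe --kiosk
""".strip().splitlines()


def tokenize(cmdline):
    """Split a Windows command line; keep backslashes, drop surrounding quotes."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        parts = cmdline.split()
    return [p.strip('"') for p in parts]


def classify(record):
    """Return (severity, parent, url) for a kiosk-mode browser launch, else None."""
    image, parent, cmdline = (f.strip() for f in record.split("|", 2))
    if ntpath.basename(image).lower() not in BROWSERS:
        return None
    args = tokenize(cmdline)[1:]  # skip the executable itself
    if not any(a.lower() in KIOSK_FLAGS for a in args):
        return None
    urls = [a for a in args if a.lower().startswith(("http://", "https://"))]
    lure = next((u for u in urls if urlsplit(u).hostname in WATCHED_HOSTS), None)
    if lure:
        return ("high", parent, lure)  # kiosk window opened on a login host
    return ("medium", parent, urls[0] if urls else "")  # kiosk only: review


def scan(records):
    """Classify every record and keep only the kiosk-mode findings."""
    return [hit for hit in map(classify, records) if hit]


if __name__ == "__main__":
    for severity, parent, url in scan(SAMPLE_EVENTS):
        print(f"{severity:6} parent={parent} url={url}")
```

On machines that are not deployed as kiosks, the "medium" findings are also worth reviewing, since the parent process shows what started the browser.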
StealC, the software used in this attack, is a lightweight but effective data stealer, capable of recovering data from browsers where users have saved their passwords. This program is particularly formidable because it operates discreetly and quickly, transmitting stolen information to hackers.
Faced with this threat, it is essential not to give in to panic. If you fall victim to this type of attack and find yourself stuck in kiosk mode, you have several options to exit the window without compromising your data. Above all, you must not enter your credentials or any other sensitive information.
You can try key combinations like “Alt + F4”, “Ctrl + Shift + Esc” or “Ctrl + Alt + Delete” to try to close the browser or access the task manager. Another method is to open the Windows command prompt (via “Win Key + R”, then type “cmd”) and force close the browser with the command “taskkill /IM chrome.exe /F”.
In the worst case, a forced restart of the computer may be the solution. By holding the power button until the system shuts down, you will be able to reboot into safe mode (F8) and perform a full scan with antivirus software.