
Hackers are tapping a new technique to trick Chrome users into giving up their passwords

The new attack tactic, which is used along with information stealing malware, forces a victim’s browser into kiosk mode and disables common escape keys.

Francis Scialabba


Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Forget scare tactics—new research from OALabs Research shows that bad actors are looking to “annoy” their way into obtaining the Google Chrome log-in credentials of their next victims.

According to a Sept. 11 research note, hackers are using a new attack technique alongside information stealing malware to force victims into coughing up their Google account password.

What’s the magic (pass)word? The technique is mainly deployed through Amadey malware, which uses an AutoIt script to launch an individual’s browser in kiosk mode—a setting that restricts their device to running a single application in full-screen mode, similar to a self-service kiosk—and direct them to the login page of a targeted service. While in kiosk mode, the Escape and F11 keyboard keys, which would bypass full-screen mode under normal circumstances, become disabled.

“This tactic annoys the victim into entering their credentials in an attempt to close the window,” the researchers wrote. “Once the credentials are entered, they are stored in the browser’s credential store on disk and can be stolen using stealer malware, which is deployed along with the credential flusher.”

OALabs researchers claim that the technique has been used by hackers since August of this year in “conjunction” with StealC, a credential-stealing malware.

Brace yourself. Al Carchrie, R&D lead solutions engineer at Cado Security, told IT Brew that once attackers obtain these credentials, it’s time to go phish.

“They would have Google Workspace and that would then give them that kind of access to then login and impersonate that user,” said Carchrie, adding that the hackers can then send phishing emails to unsuspecting clients.

However, he noted that organizations can still protect themselves by making sure they have multi-factor authentication enabled and other protections in place.

“[Make] sure that systems have up-to-date anti-virus and endpoint detection response capabilities to detect the malware as it’s arriving in the first place,” he said.
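One way to hunt for the kiosk-mode launch described above in endpoint telemetry, as an added example that is not code from OALabs or from this article: it scores process-creation events in which a Chromium-based browser is started with the `--kiosk` command-line switch, and raises the score when the parent process is not one that normally opens a browser or when the target URL looks like a login page. The event field names, the parent allowlist, the login-page heuristic, the inclusion of `msedge.exe`, and the sample events are all assumptions constructed for illustration.

```python
import shlex
from urllib.parse import urlparse

BROWSERS = {"chrome.exe", "msedge.exe"}         # Chromium browsers that accept --kiosk
EXPECTED_PARENTS = {"explorer.exe"} | BROWSERS  # assumed allowlist; tune per fleet
LOGIN_HINTS = ("login", "signin", "accounts")   # assumed heuristic for login pages

def exe_name(path):
    """Lower-cased file name of a Windows path, surrounding quotes removed."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def split_args(command_line):
    """Tokenize a Windows command line; fall back to whitespace on unbalanced quotes."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        tokens = command_line.split()
    return [t.strip('"') for t in tokens]

def analyze(event):
    """Return a finding for a kiosk-mode browser launch, or None for anything else."""
    if exe_name(event["image"]) not in BROWSERS:
        return None
    args = split_args(event["command_line"])
    if "--kiosk" not in (a.lower() for a in args):
        return None
    urls = [a for a in args if a.lower().startswith(("http://", "https://"))]
    login = [u for u in urls
             if any(h in (urlparse(u).hostname or "") + urlparse(u).path.lower()
                    for h in LOGIN_HINTS)]
    parent = exe_name(event["parent_image"])
    odd_parent = parent not in EXPECTED_PARENTS
    # Legitimate kiosks exist, so the flag alone is "low"; each extra signal raises it.
    severity = ("low", "medium", "high")[int(odd_parent) + int(bool(login))]
    return {"severity": severity, "parent": parent, "urls": urls}

def scan(events):
    """Findings for every event that is a kiosk-mode browser launch."""
    return [f for f in map(analyze, events) if f]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed process-creation events (hypothetical field names), not real telemetry.
SAMPLE_EVENTS = [
    {"image": CHROME, "parent_image": r"C:\Users\u\AppData\Local\Temp\AutoIt3.exe",
     "command_line": f'"{CHROME}" --kiosk https://accounts.google.com/ServiceLogin'},
    {"image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" --kiosk https://signage.example.internal/board'},
    {"image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" https://accounts.google.com/'},
]
```
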
