trusted formHackers Trick Chrome Users Into Giving Up Passwords | Several.com
Although we earn commissions from partners, we ensure unbiased evaluations. More on our 'How We Work' page
Annoying New Malware Forces Chrome Users To Give Up Passwords

Annoying New Malware Forces Chrome Users to Give Up Passwords

Annoying New Malware Forces Chrome Users to Give Up PasswordsAnnoying New Malware Forces Chrome Users to Give Up Passwords
Annoying new malware tricks users into giving up passwords

September 17, 2024

A new cyber threat targeting Google Chrome users is exploiting frustration to trick victims into revealing their Google passwords. Researchers at the Open Analysis Lab have uncovered that hackers are using a malware called StealC, which locks Chrome browsers into a full-screen kiosk mode, blocking critical escape functions like the F11 and ESC keys. Once trapped, the only option presented is a fake Google login window, urging users to input their credentials. This malware campaign, first identified in August 2024, has become a dangerous tool for hackers aiming to steal sensitive login information.

The malware itself doesn’t directly steal the credentials but instead frustrates the user into willingly entering them. Once entered, StealC accesses the browser's credential storage, where the login details are extracted and sent to the attackers. To carry out this attack, the malware is deployed through a known hacking tool called Amadey, which has been used by cybercriminals for several years.

This attack is particularly dangerous because it preys on user impatience, pushing them to quickly provide their credentials in an attempt to exit the locked screen. Additionally, cyber experts have warned that this is not the only threat Chrome users are facing, with malware like TrickMo also making rounds, targeting Android users with fake Chrome apps and stealing two-factor authentication codes.

How to protect yourself from this threat

As a Chrome user, you may be wondering how to avoid falling victim to this latest cyber attack. The StealC malware campaign is a stark reminder that even seemingly harmless interactions, like entering your Google password, can have serious consequences if done under suspicious circumstances.

If you find your browser suddenly trapped in kiosk mode, don't panic. Instead, try using key combinations like Alt + F4 or Ctrl + Shift + Esc to exit the locked browser session. These shortcuts might help you regain control of your system without entering your credentials. In the worst-case scenario, consider rebooting your computer into Safe Mode and running a full malware scan.

Remember, prevention is key. Always ensure your browser and antivirus software are up-to-date, and avoid clicking on suspicious links or downloading unverified software. Stay informed about the latest threats and adopt security practices like two-factor authentication to add an extra layer of protection to your accounts​.

Related Topics

Recent Posts