Annoying New Malware Forces Chrome Users to Give Up Passwords

The malware itself doesn’t directly steal the credentials but instead frustrates the user into willingly entering them. Once entered, StealC accesses the browser's credential storage, where the login details are extracted and sent to the attackers. To carry out this attack, the malware is deployed through a known hacking tool called Amadey, which has been used by cybercriminals for several years.

This attack is particularly dangerous because it preys on user impatience, pushing them to quickly provide their credentials in an attempt to exit the locked screen. Additionally, cyber experts have warned that this is not the only threat Chrome users are facing, with malware like TrickMo also making rounds, targeting Android users with fake Chrome apps and stealing two-factor authentication codes.

How to protect yourself from this threat

As a Chrome user, you may be wondering how to avoid falling victim to this latest cyber attack. The StealC malware campaign is a stark reminder that even seemingly harmless interactions, like entering your Google password, can have serious consequences if done under suspicious circumstances.

If you find your browser suddenly trapped in kiosk mode, don't panic. Instead, try using key combinations like Alt + F4 or Ctrl + Shift + Esc to exit the locked browser session. These shortcuts might help you regain control of your system without entering your credentials. In the worst-case scenario, consider rebooting your computer into Safe Mode and running a full malware scan.

Remember, prevention is key. Always ensure your browser and antivirus software are up-to-date, and avoid clicking on suspicious links or downloading unverified software. Stay informed about the latest threats and adopt security practices like two-factor authentication to add an extra layer of protection to your accounts​.