Last Updated on April 1, 2026 by Craig Allen Keefner
Malware locks Google Chrome in kiosk mode until you enter your password
New situation where hackers use kiosk mode to gain credentials. Bleeping Computer first reported. Excerpt —Â A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.
Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.
Here are the key points:
- Malware Campaign: A new malware campaign locks users in their browserâs kiosk mode to steal Google credentials.
- Attack Method: The malware blocks âESCâ and âF11â keys, forcing users to enter their credentials to âunlockâ the browser.
- StealC Malware: Once credentials are saved, the StealC malware steals them from the browserâs credential store.
- Prevention Tips: Users should avoid entering credentials and try hotkey combos like âAlt + F4â or âCtrl + Shift + Escâ to escape kiosk mode. If all else fails, perform a hard reset and run a full antivirus scan.
- Reference: bleepingcomputer.com
Here are the more key points:
- Malware Campaign: A new malware campaign forces Google Chrome into kiosk mode to steal Google passwords and other credentials.
- Amadey Malware: The attack uses the Amadey malware loader, which has been active since 2018, to spread through malicious attachments, ads, and pirated software.
- Avoiding Infection: Use keyboard shortcuts like Alt + F4, Ctrl + Shift + Esc, or Ctrl + Alt + Delete to exit kiosk mode safely. If these donât work, reboot in Safe Mode and run a malware scan.
- Prevention Tips: Install updates promptly, avoid unknown attachments and links, and consider using antivirus software for added protection.
- Reference: tomsguide.com
Exiting the k mode
Users who find themselves in the unfortunate situation of getting locked, with Esc and F11 not doing anything, should keep their frustration in check and avoid entering any sensitive information on forms.
Instead, try other hotkey combos like ‘Alt + F4’, ‘Ctrl + Shift + Esc’, ‘Ctrl + Alt +Delete’, and ‘Alt +Tab.’
Those may help bring the desktop on the foreground, cycle through open apps, and launch the Task Manager to terminate the browser (End Task).
Pressing ‘Win Key + R’ should open the Windows command prompt. Type ‘cmd’ and then kill Chrome with ‘taskkill /IM chrome.exe /F.’
If all else fails, you can always perform a hard reset by holding the Power button until the computer shuts down. This may result in losing unsaved work, but this scenario should still be better than having account credentials stolen.
When rebooting, press F8, select Safe Mode, and once you’re back on the OS, run a full antivirus scan to locate and remove the malware. Spontaneous kiosk mode browser launches are not normal and shouldn’t be ignored.
