Malware locks Google Chrome in kiosk mode until you enter your password
New situation where hackers use kiosk mode to gain credentials. Bleeping Computer first reported. Excerpt — A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.
Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.
Here are the key points:
- Malware Campaign: A new malware campaign locks users in their browser’s kiosk mode to steal Google credentials.
- Attack Method: The malware blocks “ESC” and “F11” keys, forcing users to enter their credentials to “unlock” the browser.
- StealC Malware: Once credentials are saved, the StealC malware steals them from the browser’s credential store.
- Prevention Tips: Users should avoid entering credentials and try hotkey combos like ‘Alt + F4’ or ‘Ctrl + Shift + Esc’ to escape kiosk mode. If all else fails, perform a hard reset and run a full antivirus scan.
- Reference: bleepingcomputer.com
Here are the more key points:
- Malware Campaign: A new malware campaign forces Google Chrome into kiosk mode to steal Google passwords and other credentials.
- Amadey Malware: The attack uses the Amadey malware loader, which has been active since 2018, to spread through malicious attachments, ads, and pirated software.
- Avoiding Infection: Use keyboard shortcuts like Alt + F4, Ctrl + Shift + Esc, or Ctrl + Alt + Delete to exit kiosk mode safely. If these don’t work, reboot in Safe Mode and run a malware scan.
- Prevention Tips: Install updates promptly, avoid unknown attachments and links, and consider using antivirus software for added protection.
- Reference: tomsguide.com
Exiting the k mode
Users who find themselves in the unfortunate situation of getting locked, with Esc and F11 not doing anything, should keep their frustration in check and avoid entering any sensitive information on forms.
Instead, try other hotkey combos like ‘Alt + F4’, ‘Ctrl + Shift + Esc’, ‘Ctrl + Alt +Delete’, and ‘Alt +Tab.’
Those may help bring the desktop on the foreground, cycle through open apps, and launch the Task Manager to terminate the browser (End Task).
Pressing ‘Win Key + R’ should open the Windows command prompt. Type ‘cmd’ and then kill Chrome with ‘taskkill /IM chrome.exe /F.’
If all else fails, you can always perform a hard reset by holding the Power button until the computer shuts down. This may result in losing unsaved work, but this scenario should still be better than having account credentials stolen.
When rebooting, press F8, select Safe Mode, and once you’re back on the OS, run a full antivirus scan to locate and remove the malware. Spontaneous kiosk mode browser launches are not normal and shouldn’t be ignored.