An annoying new kind of malware locks your browser to steal Google login details

It’s easy to circumvent, but not everyone knows how


Cybersecurity researchers have recently spotted a new piece of malware looking to steal victims' Google login credentials by boring them into submission.

It is an unusual tactic, with no clear statistics about its effectiveness. The malware does not have a specific name, but is part of the Amadey malware loader, and was discovered by cybersecurity researchers from OALABS, who claim the campaign has been active since late August 2024.

Besides the unnamed malware (coming in the form of an AutoIt script), the loader also deploys the StealC infostealer, which is used later in the attack.

Multiple workarounds

When the malware infects a device, it launches its browser in kiosk mode - a feature that allows the browser to run in full-screen mode without any user interface elements like address bars, toolbars, or menus. It’s typically used in public or restricted environments (think - kiosks), where users need access to a limited set of functionalities, such as accessing a specific website or web application without the ability to navigate elsewhere.

It then forces the browser to visit a page where users go to reset their Google password. That page first requires the user to enter their old password which, during the process, is grabbed by the StealC infostealer and relayed to the attackers.

Besides opening the browser in kiosk mode and preventing victims from accessing the navigation bar, the malware also disables the Escape and F11 keys. That way, computer users who aren’t that tech-savvy will think the only way to move past the Google screen is to type in their login credentials.

That is obviously not the case, and the browser can easily be circumvented with ALT+TAB, CTRL+ALT+DEL, ALT+F4, and many other keyboard shortcuts. Alternatively, holding down the power button (or unplugging the device, in case it’s a PC) will reset it. All of these alternatives are better than giving away your login credentials to crooks.
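For defenders, the behaviour described above (a browser started in kiosk mode and pointed straight at a Google sign-in page) is visible in process-creation telemetry. The following is an added detection sketch, not code from the researchers or the article; the browser image names, the `accounts.google.com` host, the event field names and the sample events are assumptions constructed for illustration, while `--kiosk` is the standard Chromium kiosk switch.

```python
import re
from urllib.parse import urlparse

# Assumptions: Chromium-based browser image names and the sign-in host to watch.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
WATCHED_HOSTS = {"accounts.google.com"}

def kiosk_signin_url(image, command_line):
    """Return the sign-in URL if a browser starts in kiosk mode on a watched host."""
    if image.replace("/", "\\").rsplit("\\", 1)[-1].lower() not in BROWSERS:
        return None
    tokens = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', command_line)]
    if "--kiosk" not in tokens:  # exact match, so --kiosk-printing is ignored
        return None
    for url in re.findall(r'https?://[^\s"]+', command_line, flags=re.I):
        # Compare the parsed hostname exactly; a substring test would match lookalikes.
        if (urlparse(url).hostname or "").lower() in WATCHED_HOSTS:
            return url
    return None

def scan(events):
    """Return (parent image, URL) for each suspicious process-creation event."""
    return [(e["parent"], url) for e in events
            if (url := kiosk_signin_url(e["image"], e["cmdline"]))]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample events, shaped like process-creation telemetry.
SAMPLE_EVENTS = [
    {"image": CHROME, "parent": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "cmdline": f'"{CHROME}" --kiosk "https://accounts.google.com/signin"'},
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",  # ordinary browsing
     "cmdline": f'"{CHROME}" https://accounts.google.com/signin'},
    {"image": CHROME, "parent": r"C:\Windows\explorer.exe",  # unrelated print switch
     "cmdline": f'"{CHROME}" --kiosk-printing https://accounts.google.com/'},
    {"image": EDGE, "parent": r"C:\Windows\explorer.exe",    # legitimate signage kiosk
     "cmdline": f'"{EDGE}" --kiosk https://signage.example.internal/board'},
]

if __name__ == "__main__":
    for parent, url in scan(SAMPLE_EVENTS):
        print(f"ALERT kiosk-mode sign-in page: {url} (parent: {parent})")
```

The parent image is returned with each hit so an analyst can see what launched the browser; a kiosk window on a sign-in page started by anything other than the user's shell deserves a closer look.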


Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
