Sep 15, 2024, 12:00 AM

Hackers Target Chrome Users to Steal Google Passwords

Highlights
  • Hackers are using a new technique involving malware called StealC to force Chrome users to reveal their Google account passwords.
  • The malware locks the browser in kiosk mode, preventing users from escaping and displaying only a Google login window.
  • This method highlights a shift in tactics, using user frustration as a means to steal credentials.
Story

Recent research has uncovered a new method employed by hackers to extract Google account credentials from Chrome users. This technique involves the use of malware known as StealC, which locks the browser in kiosk mode, effectively preventing users from escaping or closing the application. The only visible element on the screen is a login window, typically for Google accounts, compelling users to enter their credentials under duress. This method has been in use since at least August 22, as confirmed by the Open Analysis Lab researchers.

The attack begins with the victim being infected by the Amadey hacking tool, which has been operational for over six years. Once the victim's system is compromised, Amadey loads the StealC malware, which is responsible for stealing the entered credentials. The credential flusher then launches the browser in kiosk mode, ensuring that the victim is unable to navigate away from the login prompt.

The researchers emphasize the psychological aspect of this attack, noting that the frustration caused by being locked in kiosk mode is a key factor in tricking users into providing their passwords. This method represents a shift in tactics, focusing on user annoyance as a means to achieve credential theft.

To mitigate the risk of falling victim to such attacks, users are advised to boot their systems in Safe Mode and conduct thorough malware scans. Tools like Malwarebytes offer free scanning options to help identify and remove infections, thereby protecting users from future credential-stealing attempts.
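A defender-side check for the kiosk-mode behaviour described above, as an added example that is not from the researchers or the original article: it scans process-creation records for a browser started with Chrome's `--kiosk` switch and escalates when the window targets a sign-in page or the parent process is unusual. The record fields, host names, the placeholder parent path and the trusted-parent list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

BROWSERS = {"chrome.exe"}               # image basenames to watch; extend as needed
LOGIN_HOSTS = {"accounts.google.com"}   # assumption: sign-in host worth escalating on
EXPECTED_PARENTS = {"explorer.exe"}     # assumption: normal interactive launcher
# Match the standalone --kiosk switch, not the unrelated --kiosk-printing.
KIOSK_FLAG = re.compile(r"(?<!\S)--kiosk(?=\s|$)", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed process-creation records (field names are illustrative, not a real schema).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmd": f'"{CHROME}" https://example.com/'},
    {"host": "WS-02", "image": CHROME,
     "parent": r"C:\Users\u\AppData\Local\Temp\placeholder.exe",
     "cmd": f'"{CHROME}" --kiosk https://accounts.google.com/'},
    {"host": "WS-03", "image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmd": f'"{CHROME}" --kiosk-printing https://example.com/'},
    {"host": "WS-04", "image": CHROME, "parent": r"C:\Windows\explorer.exe",
     "cmd": f'"{CHROME}" --kiosk https://signage.example/board'},
]

def basename(path):
    """Lowercased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()

def score_event(ev):
    """Return (severity, reasons) for a kiosk-mode browser launch, else None."""
    if basename(ev["image"]) not in BROWSERS or not KIOSK_FLAG.search(ev["cmd"]):
        return None
    severity, reasons = "medium", ["browser started with --kiosk"]
    hosts = {urlparse(u).hostname for u in URL.findall(ev["cmd"])}
    if hosts & LOGIN_HOSTS:
        severity = "high"
        reasons.append("kiosk window opens an account sign-in page")
    parent = basename(ev["parent"])
    if parent not in EXPECTED_PARENTS:
        severity = "high"
        reasons.append(f"unexpected parent process {parent}")
    return severity, reasons

def find_kiosk_launches(events):
    """Map host -> (severity, reasons) for every flagged record."""
    return {ev["host"]: hit for ev in events if (hit := score_event(ev))}

if __name__ == "__main__":
    for host, (sev, why) in find_kiosk_launches(SAMPLE_EVENTS).items():
        print(host, sev, "; ".join(why))
```

Machines that are meant to run as kiosks or signage displays will match the medium-severity branch and should be excluded by host before alerting.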
