An annoying new kind of malware locks your browser to steal Google login details

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

Cybersecurity researchers have recently spotted a new piece of malware looking to steal victim’s Google login credentials by boring them into submission.

It is an unusual tactic, with no clear statistics about its effectiveness. The malware does not have a specific name, but is part of the Amadey malware loader, and was discovered by cybersecurity researchers from OALABS, who claim the campaign has been active since late August 2024.

Besides the unnamed malware (coming in the form of a AutoIt script), the loader also deploys the StealC infostealer, which is used later in the attack.

Multiple workarounds

When the malware infects a device, it launches its browser in kiosk mode - a feature that allows the browser to run in full-screen mode without any user interface elements like address bars, toolbars, or menus. It's typically used in public or restricted environments (think - kiosks), where users need access to a limited set of functionalities, such as accessing a specific website or web application without the ability to navigate elsewhere.

It then forces the browser to visit a page where users go to reset their Google password. That page first requires the user to enter their old password which, during the process, is grabbed by the StealC infostealer and relayed to the attackers.

Besides opening the browser in kiosk mode and preventing victims from accessing the navigation bar, the malware also disables the Escape and F11 keys. That way, computer users who aren’t that tech-savvy will think the only way to move past the Google screen is to type in their login credentials.

That is obviously not the case, and the browser can easily be circumvented with ALT+TAB, CTRL+ALT+DEL, ALT+F4, and many other keyboard shortcuts. Alternatively, holding down the power button (or unplugging the device, in case it’s a PC) will reset it. All of these alternatives are better than giving away your login credentials to crooks.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TOPICS