Imagine this, you step away from your computer for a minute with your browser open, only to come back and find Google Chrome stuck in kiosk mode. To make matters worse, you find that the Esc and F11 keys on your keyboard no longer work.
Unfortunately, this is a real situation that you could very well find yourself in thanks to a malware campaign designed to steal your Google password and other credentials.
As reported by BleepingComputer, the malware used in this new campaign is designed to frustrate users and trick them into entering their Google password to unlock their computer in order to get their browser out of kiosk mode. However, doing so not only gives the hackers behind this campaign your Google credentials but if you have other passwords saved in your browser, they could end up taking control of the rest of your online accounts.
Here’s everything you need to know about this new malware campaign including how to get your browser out of kiosk mode the safe way and what you can do to keep your computer safe from hackers.
Tricked by the Amadey malware
According to a new report from OALABS whose researchers discovered this new attack method, it has been in use by hackers since August of this year. This attack and others like it rely on the Amadey malware loader, info-stealer and system reconnaissance tool which was first deployed back in 2018.
Like other malware strains, Amadey is spread through malicious attachments, malicious ads, pirated software and malicious files. While OALABS didn’t mention the exact infection chain used in this new attack in its report, any of these could lead to your browser being forced into kiosk mode by hackers.
For those unfamiliar with kiosk mode, it’s a special configuration used by both browsers and apps which runs in full-screen mode to limit user interaction. You’ll typically find devices in kiosk mode when you head to your local electronics retailer as companies want to show off what their devices are capable of without giving you a chance to interact with them on your own.
With this attack, the hackers behind it are abusing Chrome’s kiosk mode to limit what someone can do on their own computer. The idea is that if someone is extremely frustrated, they may just give in and enter their credentials without thinking clearly about the situation first.
If someone enters the password for their Google account, it is quickly stolen by the StealC malware and relayed back to the hackers behind this campaign. You may be able to quickly change your password afterwards but it’s unlikely the hackers would give you enough time to do so. Instead, they’re now in control of your Google account and any passwords you may have saved to Google Password Manager.
How to get out of kiosk mode and keep your PC safe from malware
So what do you do if you step away from your PC and come back to Google Chrome in kiosk mode? Well for starters, you shouldn’t panic as that’s exactly what the hackers behind this campaign want.
While the Esc and F11 keys on your keyboard may no longer work, you should try other keyboard shortcuts for switching and closing apps such as Alt + F4 (closes an app), Ctrl+ Shift + Esc (opens task manager), Ctrl + Alt + Delete (lets you close an app or reboot your computer) and Alt + Tab (switches apps).
By using the keyboard shortcuts above, you may be able to bring your desktop to the foreground, cycle through your other open apps or launch the Task Manager which will let you end the task your browser needs to run.
If nothing here works, you can always hold down the power button on one of the best Windows laptops until your computer completely shuts down. Then, you can press F8 as you boot up your computer and select Safe Mode. In this limited version of Windows, you’ll be able to run a full malware scan to find and then eliminate Amaday or the StealC malware for good.
To keep your PC safe from malware threats in the future, you should consider using the best antivirus software. Microsoft’s own Windows Defender will certainly do the job but paid antivirus software often comes with useful extras like a VPN or a password manager to help keep you even safer online.
As people get wise to the tricks used by hackers, they have to come up with new ones to get unsuspected users to fall for their attacks. This new campaign is just the latest example of this. However, if you’re careful online, install updates as soon as they become available and avoid downloading attachments or clicking on links from unknown senders, you should be okay.