According to a team of researchers at OALABS – a malware analysis services company – stealers are now using a new type of Google Chrome malware that first locks users out of their system, preventing them from accessing any other apps and then forcing them to type in login credentials like usernames and passwords and then steal them.
The malware, dubbed ‘StealC’, uses a new technique called “AutoIt Credential Flusher” that forces victims to enter their Google account details to access the system. The researchers say that this technique has been in use since last month.
How hackers are stealing login info using the malware
The researchers claim that StealC uses Chrome’s Kiosk Mode feature, a functionality designed to restrict user access on public computers by locking them into a fullscreen Chrome window and disabling standard exit keys like F11 and Esc.
Used at public places, Kiosk Mode has its elements like toolbars, navigation buttons and the address bar removed from Chrome’s interface so that there is no interaction with people. The malware leverages this mode to present users with a seemingly unavoidable page that prompts them to enter their Google account credentials to regain control of their system.
Once the unsuspecting individual types in their username and password, this sensitive information is immediately captured and stolen by the StealC malware, an info-stealing program first identified in February of the previous year.
How to ‘quit’ Google Chrome’s Kiosk mode
If you are affected by this, and are stuck in Chrome’s Kiosk mode, use keyboard shortcuts like “Alt+F4”, “Ctrl + Shift + Esc”, “Ctrl + Alt + Delete” and “Alt+Tab” to exit the mode, or go to Windows Task Manager to quit the app.
If you are unable to do it, restart the PC, scan it for any virus or malware and remove them.