Bleeping Computer (via Tom’s Guide) reports new malware designed to steal your Google credentials by locking your browser in kiosk mode. By freezing your browser on the Google login page, it prompts you for your login information, which it steals and sends to the attacker. It also specifically locks your Esc and F11 keys, which might otherwise be your go-to combination to escape this situation.
Kiosk mode, as the name suggests, is a dedicated mode designed for public booths or workstations. It restricts the device so that it runs only one program, the kiosk application.
This malware randomly locks your device in kiosk mode by displaying a Google login page in your browser. With no other options on screen and the Esc and F11 keys disabled, you may be tempted to simply enter your credentials so you can continue your work. The malware's plan is to abuse kiosk mode to exploit your frustration.
The attack directs users to a URL that leads to the Google change password page. Here, the victim enters the current password and the new password, giving the information stealer access to both passwords.
The report mentioned that the malware loader Amadey was behind this attack and had been deployed for this task since August 22, 2024. The credentials are stolen by StealC, an information-stealing program launched in early 2023.
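The launch pattern described above (a browser forced into kiosk mode on a Google sign-in page) can be checked for in process-creation logs. The Python below is an added example, not code from the report: Chrome's `--kiosk` switch is real, but the log layout, the browser list, the watched host and every sample record are assumptions constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Assumed for this example: browser names, watched host, 'k=v|k=v' log layout.
BROWSERS = {"chrome.exe", "msedge.exe"}
WATCHED_HOSTS = {"accounts.google.com"}

def split_cmdline(cmdline):
    try:  # non-POSIX mode keeps backslashes and quoted paths intact
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]

def kiosk_target(cmdline):
    """Return the watched host a browser was opened on in kiosk mode, else None."""
    args = split_cmdline(cmdline)
    image = args[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if args else ""
    # Exact match, so --kiosk-printing is not mistaken for --kiosk.
    flags = {a.split("=", 1)[0].lower() for a in args[1:] if a.startswith("--")}
    if image not in BROWSERS or "--kiosk" not in flags:
        return None
    for arg in (a for a in args[1:] if not a.startswith("--")):
        try:
            host = urlsplit(arg if "://" in arg else "https://" + arg).hostname
        except ValueError:  # not a parseable URL
            continue
        if host in WATCHED_HOSTS:
            return host
    return None

def detect(lines):
    """Return (computer, pid, host) for each matching process-creation record."""
    hits = []
    for line in lines:
        ev = dict(f.split("=", 1) for f in line.strip().split("|"))
        host = kiosk_target(ev.get("cmd", ""))
        if host:
            hits.append((ev["computer"], ev["pid"], host))
    return hits

# Constructed sample records; computer names, PIDs and URLs are made up.
SAMPLE_LOG = [
    r'computer=WS-014|pid=4312|cmd="C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://accounts.google.com/example-path',
    r'computer=WS-014|pid=4400|cmd="C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk-printing https://accounts.google.com/',
    r'computer=LOBBY-01|pid=900|cmd=C:\Apps\chrome.exe --kiosk https://signage.example.internal/menu',
    r'computer=WS-020|pid=5120|cmd="C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com/',
]

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Only the first record is flagged; a legitimate signage kiosk, a normal sign-in tab and a `--kiosk-printing` launch are left alone.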
How to bypass it
If you are unfortunate enough to encounter this malware, you can try alternative hotkey combinations. Bleeping Computer recommends Alt + F4, Ctrl + Shift + Esc, Ctrl + Alt + Delete, and Alt + Tab. One of them might let you cycle through running apps or open Task Manager so you can close your browser, they add. They also recommend using the Windows key + R combination to launch the Windows command prompt. If it works and the small Run box appears in the lower left corner of the screen, enter “cmd” and then run “taskkill /IM chrome.exe /F” to terminate Chrome.
The report also mentions that you can always hold down the power button to hard reset the device. This has the unfortunate but unavoidable consequence of losing all your work, but that’s nothing compared to having your Google credentials stolen. Once the device has rebooted and is running normally, make sure to perform an antivirus scan first to remove the malware.