Hackers are tricking Chrome users into revealing their Google passwords
Recent research has uncovered a sneaky new method that cybercriminals are using to pressure Chrome users into disclosing their Google account passwords. The attack, involving malware known as StealC, traps users by launching their browser in kiosk mode, where both the F11 and ESC keys are disabled, preventing any escape from full-screen mode. The only thing visible is a login window, typically for a Google account, leaving users frustrated and seemingly stuck.
How hackers use a new frustrating tactic to steal Google passwords
Hackers have long employed various tactics to gain access to Google accounts, which can hold valuable information such as emails or cryptocurrency wallet keys. Some previous methods include malware that reads SMS messages to steal two-factor authentication codes. Now, a new technique using StealC malware is gaining attention for its simplicity and effectiveness. According to researchers from Open Analysis Lab, this approach has been active since at least August 22. It forces victims to enter their credentials into a browser window from which the malware then extracts and steals them. The tactic involves launching the victim's browser in kiosk mode and directing them to a Google login page. Since kiosk mode prevents the user from navigating away or closing the app, they have no choice but to face the Google login prompt.
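A defender can look for the launch pattern described above in process-creation telemetry. The sketch below is an added example, not code from the researchers or from the malware. It assumes Chrome's `--kiosk` switch as the kiosk trigger, `accounts.google.com` as the login host, a hypothetical allowlisted kiosk shell, and constructed sample events.

```python
import shlex
from urllib.parse import urlparse

# Assumptions, not from the article: the browser binary names, Chrome's --kiosk
# switch as the kiosk trigger, accounts.google.com as the login host, and the
# allowlisted parent (a hypothetical managed-kiosk shell).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
LOGIN_HOSTS = {"accounts.google.com"}
ALLOWED_PARENTS = {"kioskshell.exe"}

def exe_name(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def login_host(arg):
    """Return the hostname if arg is a URL on a watched login host, else None."""
    if arg.startswith("-"):
        return None
    try:
        host = urlparse(arg if "://" in arg else "https://" + arg).hostname
    except ValueError:
        return None
    return host if host in LOGIN_HOSTS else None

def check(event):
    """Return a finding for a kiosk-mode browser launch onto a login page, else None."""
    if exe_name(event["image"]) not in BROWSERS or exe_name(event["parent"]) in ALLOWED_PARENTS:
        return None
    # posix=False keeps Windows backslashes intact; surrounding quotes are stripped after.
    args = [a.strip('"') for a in shlex.split(event["cmdline"], posix=False)][1:]
    kiosk = any(a.lower() == "--kiosk" for a in args)  # exact match, so not --kiosk-printing
    hosts = [h for h in map(login_host, args) if h]
    if kiosk and hosts:
        return {"pid": event["pid"], "parent": exe_name(event["parent"]), "host": hosts[0]}
    return None

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
def ev(pid, parent, args):
    return {"pid": pid, "image": CHROME, "parent": parent, "cmdline": f'"{CHROME}" {args}'}
EVENTS = [
    ev(101, r"C:\Users\u\AppData\Local\Temp\sample.exe", "--kiosk https://accounts.google.com/ServiceLogin"),
    ev(102, r"C:\Windows\explorer.exe", "https://accounts.google.com/"),
    ev(103, r"C:\Kiosk\kioskshell.exe", "--kiosk https://accounts.google.com/"),
    ev(104, r"C:\Windows\explorer.exe", "--kiosk-printing https://accounts.google.com/"),
]

def scan(events):
    return [f for f in map(check, events) if f]
```

Only the first constructed event is reported: an ordinary login tab, a kiosk launched by the allowlisted shell, and the unrelated `--kiosk-printing` switch are all ignored.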
Google account credential flusher vs. credential stealer
Interestingly, the credential "flusher" itself doesn't directly steal the credentials. Instead, it frustrates the user enough to prompt them to enter their own login details. Once the victim submits their credentials, StealC, a simple credential-stealing malware, takes over and retrieves the passwords from Chrome's credential store to send to the hackers. The attack involves several well-known tools, including the Amadey hacking tool, which has been active for over six years and is used to load the malware. OALabs researchers worked with partners like the Loader Insight Agency to map out the stages of a typical attack.