Be careful with your passwords on Google Chrome: cybercriminals can spy on you

Through deception, cybercriminals trick users into handing over their passwords to fake sites. (REUTERS/Dado Ruvik/Illustration/File Photo)
Cybercriminals are always looking for ways to steal our passwords, and one of the latest ways they do it is by using the kiosk or full-screen mode in Google Chrome.

Using this mode, cybercriminals trick users into handing over access credentials for services like Google. This technique has been observed since August 2024 and has been used in conjunction with the StealC malware, primarily by the Amadey malware.

The attack begins by infecting the victim's device with the Amadey malware, which acts as a vehicle for an even more dangerous malware known as StealC. This type of malware forces Google Chrome to enter a special mode called kiosk mode. It is a full-screen mode originally designed for public terminals, such as interactive kiosks or points of sale, where users only need to interact with the browser without accessing other functions of the operating system.

In an attack, cybercriminals use kiosk mode to hide the key browser components that would allow the user to notice the hoax. For example, in this mode the browser's address bar and menus disappear, preventing the victim from viewing the fraudulent URL. In addition, keys such as ESC and F11 are disabled, preventing the user from exiting full screen or closing the window easily.

Once the browser is in kiosk mode, attackers redirect the victim to a fake Google login page. This page mimics the design and look of a legitimate login page, prompting users to enter their username and password.

When the user enters their credentials on the page, they are captured by the StealC malware and sent to the attackers. Within seconds, cybercriminals can access the victim's Google account, and from there they can perform all kinds of illegal activities, such as additional information theft, access to other services linked to the account, or financial fraud.

One of the main reasons this attack is so effective is its ability to trick users into thinking they are interacting with a legitimate page. Having the browser full screen and locked creates a sense of urgency that leads the user to enter their data without thinking much about the trustworthiness of the site.

In addition, many users regularly re-authenticate their Google accounts, so the request to enter credentials does not seem suspicious to them. This familiarity, along with the inability to close the window or exit kiosk mode, increases the likelihood that a victim will enter their username and password without hesitation.

Another factor that makes this attack dangerous is that once cybercriminals gain access to a Google account, they can use it to carry out various illegal activities. From accessing other services linked to a Google Account to stealing personal or financial information, the potential for exploitation is huge.

Considering the sophistication of this technique, it is important to take preventive measures to protect yourself. Here are some key recommendations:

  • Keep your software up to date: Make sure both your operating system and your Google Chrome browser are always up to date. Updates usually include security patches that fix vulnerabilities.
  • Use security software: A good antivirus or antimalware program can help detect and remove potential threats before they compromise your computer.
  • Be aware of unusual behavior: If your browser enters full-screen mode without your request and you can't exit with the ESC or F11 keys, you may be a victim of this attack. If so, try closing the browser by pressing Alt + F4 on Windows or Command + Q on Mac.
  • Avoid clicking on suspicious links: Malware like Amadey usually infects devices when the user downloads files or accesses malicious links. Be wary of emails or messages containing links or attachments from unknown sources.
  • Enable two-step verification (2FA): Two-factor authentication adds extra security to your accounts, making it difficult for attackers to gain access even if they manage to steal your password.
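
A defender-side check for the behaviour described above, as an added example that is not part of the original article: it scans process-creation records for Chrome started with its `--kiosk` command-line switch on machines that are not designated kiosks. The event format, host names, paths and URLs are constructed for illustration, and the check assumes kiosk mode was requested through that switch.

```python
import json
import shlex
from pathlib import PureWindowsPath

# Assumption: machines intentionally deployed as kiosks (hypothetical name).
KIOSK_HOSTS = {"LOBBY-KIOSK-01"}
BROWSERS = {"chrome.exe"}

# Constructed process-creation events, one JSON object per line (not a real log schema).
SAMPLE_EVENTS = r'''
{"host": "FIN-WS-007", "parent": "C:\\Windows\\explorer.exe", "cmdline": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" https://www.example.test/"}
{"host": "LOBBY-KIOSK-01", "parent": "C:\\Windows\\System32\\svchost.exe", "cmdline": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --kiosk https://signage.example.test/"}
{"host": "HR-LT-042", "parent": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe", "cmdline": "\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --kiosk https://login.example.test/signin"}
'''


def kiosk_launch(event):
    """Return a finding if the event is Chrome started in kiosk mode, else None."""
    # posix=False keeps Windows backslashes intact; quotes are stripped afterwards.
    args = [a.strip('"') for a in shlex.split(event["cmdline"], posix=False)]
    if not args:
        return None
    image = PureWindowsPath(args[0]).name.lower()
    if image not in BROWSERS or "--kiosk" not in (a.lower() for a in args[1:]):
        return None
    urls = [a for a in args[1:] if a.lower().startswith(("http://", "https://"))]
    return {
        "host": event["host"],
        "parent": PureWindowsPath(event["parent"]).name.lower(),
        "url": urls[0] if urls else None,   # page the locked window was pointed at
        "expected": event["host"] in KIOSK_HOSTS,
    }


def suspicious(events_text):
    """Kiosk-mode browser launches on hosts that are not designated kiosks."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        finding = kiosk_launch(json.loads(line))
        if finding and not finding["expected"]:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in suspicious(SAMPLE_EVENTS):
        print(f"{f['host']}: kiosk browser started by {f['parent']} -> {f['url']}")
```

The parent process and target URL are reported so an analyst can see what launched the locked window and which page it displayed.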

Misty Tate
