Cybercriminals have found a new way to steal your Google passwords in Chrome, and they’re doing it right from the official Google sign-in page. This recent attack uses a sneaky piece of malware known as AutoIt Credential Flusher, which researchers at OALabs discovered. Once you land on the Google sign-in page, the attack traps you, capturing your email and password as you attempt to sign in.
This attack is especially dangerous because it doesn’t redirect you to a fake page. Instead, it abuses a browser feature called “kiosk mode,” making it difficult for you to exit the page. Kiosk mode is a full-screen interface that removes typical browser elements like the address bar and navigation buttons. It’s usually employed for demonstration purposes, such as on a display laptop in a store. Hackers have found a way to use this mode to lock you onto the sign-in page, making you more likely to enter your credentials out of frustration.
How the attack works
In this attack, you’re kept on the legitimate Google sign-in page, but kiosk mode is activated to prevent you from leaving. Normally, you might exit full-screen mode by pressing Esc or F11, but the malware blocks these commands, leaving you trapped. While attempting to sign in, another malware called StealC lurks in the background, waiting to steal your credentials.
The widespread use of Google accounts makes this tactic even more concerning. Many websites and apps, including popular platforms like Facebook and Digital Trends, offer a Google sign-in option. This means that if a hacker gains access to your Google account, they could quickly gain entry to many other linked accounts.
What to do if you’re caught
If you ever find yourself stuck on the Google sign-in screen and unable to exit, don’t panic. There are a few hotkeys you can try to escape. Using Alt + Tab will let you switch between open windows, which may allow you to close Chrome. Pressing Ctrl + Alt + Delete will bring up Task Manager, where you can force Chrome to close as a process. Another option is to press Alt + F4, which instantly closes the current application. As a last resort, holding down the power button on your computer will shut it down completely.
Once you’ve exited the browser, it’s important to scan your system with antivirus software immediately. For a recommendation, check out some reliable antivirus programs, such as Avast One Gold, for quick and easy protection.
Not just Chrome
Although this attack has mainly targeted Chrome, it’s worth noting that other browsers are also vulnerable. The malware doesn’t discriminate and will attempt to lock any browser on your PC into kiosk mode. This includes Microsoft Edge, the default browser for Windows 11. Fortunately, the hotkey methods mentioned earlier should work no matter which browser is affected.
By staying aware of this new threat and knowing how to respond, you can protect your online security and prevent hackers from stealing your valuable Google credentials.
