Hackers Trick Chrome Users into Revealing Google Passwords — Here’s How
Recent research has uncovered a cunning new technique that cybercriminals are using to force Chrome browser users to reveal their Google account passwords. The attack, which uses malware known as StealC, traps users in a frustrating situation by locking their browser in kiosk mode. This mode blocks the F11 and ESC keys, preventing users from exiting the full-screen display. The only thing visible on the screen during this ordeal is a Google account login window, leaving users with no apparent way out other than entering their credentials.
How Hackers Are Exploiting Frustration to Steal Google Passwords
Hackers have long employed various methods to gain access to Google accounts, which can unlock not only Gmail inboxes but also sensitive information like crypto-wallet passphrases. Previous attacks have used malware to read two-factor authentication codes or grab passwords using optical character recognition. The new technique involving StealC, however, is particularly effective because it preys on the victim’s frustration. By trapping users in an inescapable login window, the malware tricks them into voluntarily entering their account information.
According to researchers at Open Analysis Lab (OALabs), this credential-stealing campaign has been active since at least August 22. The attack begins when the malware launches the victim’s browser in kiosk mode and navigates to a Google login page. Once in this full-screen mode, the user cannot exit or switch applications, leaving them with no choice but to provide their login credentials. The malware then steals these details, giving the hackers access to the victim’s Google account.
Credential Flusher vs. Credential Stealer
Interestingly, the mechanism used to obtain passwords isn’t technically a credential stealer itself. Instead, the tactic serves as a “credential flusher,” forcing victims to hand over their information through frustration. Once the user inputs their credentials, the StealC malware takes over and extracts the passwords from Chrome’s credential storage. The attackers rely on a combination of known tools, including the Amadey hacking tool, which has been in use for over six years, to complete the attack.
This attack demonstrates how hackers are leveraging a variety of methods and tools to orchestrate such campaigns. With help from partners like the Loader Insight Agency, researchers have been able to trace the roadmap of a typical attack, further emphasizing the need for vigilance when dealing with suspicious browser behavior.