Don’t trust that Google sign-in — how hackers are swiping passwords in Chrome
|
By
Jacob Roach Published September 17, 2024 |
Hackers are swiping passwords from Google accounts in Chrome, and it can happen from the official Google sign-in page. The vehicle being used is called the AutoIt Credential Flusher, and it was discovered by the researchers at OALabs. The attack locks you into your browser at the Google sign-in page and doesn’t allow you to leave, all while logging your email and password as you sign into your Google account.
The attack leverages “kiosk mode” in Chrome, which is a limited full-screen interface that doesn’t have elements like the address bar or navigation buttons. It’s used mainly for demonstration purposes — think a laptop on display at Best Buy. And this attack is using kiosk mode to annoy users enough that they give up their passwords. It also blocks some normal commands to exit full-screen mode, such as Esc and F11.
What’s tricky about the attack is that it happens on the official Google sign-in page. It doesn’t redirect you to a fake sign-in page. Instead, the malware is abusing kiosk mode to lock you into signing into your Google account, and it leverages a piece of malware called StealC to swipe your credentials as you’re signing in. With this attack, it’s possible to pass along your Google account details without even suspecting that your PC is infected.
Worse, Google accounts are often tied to dozens of other accounts. Social sign-on features are available across hundreds of websites, allowing you to use your Google account to sign in — even Digital Trends has a Google sign-in feature. If an attacker steals your Google credentials, they could have access to your other accounts if you’ve engaged with these features.
If you find yourself locked on the Google sign-in screen, there are a few other hotkeys you can try. Alt + Tab will cycle through windows and allow you to close the Chrome window. Ctrl + Alt + Delete allows you to pull up Task Manager and end Chrome as a process. And Alt + F4 will immediately close any application. If all else fails, you can also hold down the power button on your PC. After you’ve exited, make sure to run a scan with antivirus software — read our Avast One Gold review if you’re looking for a simple antivirus option.
Although this attack is focused on Chrome, it can affect other browsers. The malware will try to lock any browser available on your PC in kiosk mode, including Microsoft Edge, which is built into Windows 11. The hotkeys above will work regardless of the browser, however.
Related Posts
This extraordinary humanoid robot plays basketball like a pro, really
Digital Trends has already reported on the G1’s ability to move in a way that would make even the world’s top gymnasts envious, with various videos showing it engaged in combat, recovering from falls, and even doing the housework.
How to Use Pollo AI Video Generator: A Step-by-Step Guide
Here we’re talking about the Pollo AI video generator which can be used with a variety of prompts, and I’ll talk you through using each one.
This 49-inch curved Samsung ultrawide is down to $799.99 and basically replaces two monitors at once
You’re getting a massive 49-inch curved Dual QHD panel, 120Hz refresh rate, USB-C, HDR400, and an adjustable stand that’s built for serious productivity but still fast and smooth enough for after-hours gaming.