A recently published research by Open AI Lab Analysis revealed a new technique hackers use to steal passwords. The technique used reveals the victim’s password out of sheer frustration. The malware campaign uses StealC to lock the user’s browser in kiosk mode and eventually blocks the keys, F11 and Esc to prevent an escape from the full-screen mode.

How Does the Annoyance Technique Lead to the Stealing of User Passwords?

The threat or malware actors utilize several methods providing access to several Google accounts, a key to your Gmail box, and security treasures. In recent years, we have come across malware and cybercriminals using optical character recognition (OCR) to grab crypto passwords and everything that targets authentication codes by permitting users to read messages.

However, StealC uses a simple and effective method of gaining Google account credentials.

However StealC uses a simple and effective method of gaining Google account credentials

The research by OpenAI Analysis Lab states that the flushing campaign used the credential technique since August 2024.

In the detailed analysis, the OALABS researchers confirm that the malware hackers influences the victim to enter the credentials from where they could steal it.

A statement by the researcher read,

The technique involves launching the victim’s browser in kiosk mode and navigating to the login page of the targeted service, usually Google.

Google Account Credential Is Not a Credential Flusher

Reportedly, the flusher is not a credential stalker.

However, it only applies to the required influence to get the frustrated victim into entering the credentials themselves. After doing this, StealC, a bog-standard bit of credential-stealing software, allegedly enters the credential software and successfully delivers it to the attackers. Additionally, it is possible by deploying many numerous elements.

How To Save Yourself From a Kiosk-Made Attack?

While it features itself as an impossible task, the researchers have explained a solution to help users exit the kiosk mode without using the Esc or F11 keys.

The affected users must use the combination of keys,  Alt + F4, Ctrl + Shift + Esc, Ctrl + Alt +Delete, and Alt +Tab, to get to the desktop, and launch the task manager to kill the taskbar.

The same source also suggests utilizing the Win Key + R combination to open the Windows command prompt; following, the windows will be killed by “taskkill /IM chrome.exe /F.”

Another powerful and easy option is the power button shutdown. However, after taking this approach, ensure that you boot into safe mode with the F8 key to prevent it from happening again.

Categorized in:

Cybersecurity,

Last Update: September 16, 2024