Application security, Malware, Threat Intelligence

Novel malware attack conducts kiosk mode credential theft

Share
Google Chrome icon on a computer screen

BleepingComputer reports that malicious payloads, particularly the Amadey malware, have been locking victims' browsers into kiosk mode to lure inputs of Google credentials, which would be later exfiltrated by information-stealing malware.

Attacks as part of the campaign, which commenced in late August, involved the Amadey malware spreading a credential-flushing AutoIT script, which would launch a URL for replacing Google account passwords in kiosk mode and establish parameters that would prevent user escape via the F11 and Escape keys, an analysis from OALABS revealed. Inputting credentials on the Google password change URL would then trigger exfiltration by the StealC infostealer, according to researchers, who recommended the usage of other hotkey combinations, including 'Ctrl + Shift + Esc', 'Alt + Tab', and 'Ctrl + Alt +Delete'. Users impacted by the attack could also trigger the command prompt via 'Win Key + R' before inputting 'cmd' and killing the Chrome browser or conducting a hard reset of the impacted device.

Novel malware attack conducts kiosk mode credential theft

Attacks as part of the campaign, which commenced in late August, involved the Amadey malware spreading a credential-flushing AutoIT script, which would launch a URL for replacing Google account passwords in kiosk mode and establish parameters that would prevent user escape via the F11 and Escape keys, an analysis from OALABS revealed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.