Cybercriminals are getting creative, and a recently uncovered malware is no exception. Instead of using sophisticated techniques to break into users’ systems, this new malware takes a more frustrating approach: it bores victims into submission, tricking them into giving up their Google login credentials.

Discovered by cybersecurity researchers at OALABS, this unnamed malware has been part of the Amadey malware loader campaign, active since late August. Though it doesn’t yet have a catchy name, the malware’s purpose is clear—steal personal login data. In this case, it uses the StealC infostealer to capture user credentials in a seemingly endless loop of browser hijacking.

The Malware’s Trick

Once the malware infects a device, it activates the browser’s kiosk mode—a feature commonly used in restricted environments where users have access to only a limited set of web functionalities. But in this case, instead of helping users, the malware locks them into a Google password reset page, making it seem as if they must input their old password to continue. When users enter their password, StealC swoops in, stealing the information and sending it back to the attackers.

The malware takes extra steps to ensure users stay trapped. It disables both the Escape and F11 keys, making it appear that there is no way out of the full-screen browser mode. This leaves users feeling stuck, thinking the only solution is to enter their credentials.

A Simple Way Out

Despite the malware’s annoying tactics, users can still escape without giving up their information. Common keyboard shortcuts like ALT+TAB, CTRL+ALT+DEL, and ALT+F4 can all exit the kiosk mode. Even something as simple as holding down the power button or unplugging the device can reset the system and free the user from the loop.

While this new malware may be more annoying than sophisticated, it serves as a reminder that cyberattacks don’t always have to be complex to be effective. Staying informed and learning how to react to these threats is one of the best defenses against falling victim to such schemes.

Was this Answer helpful?
YesNo