Chrome Users Beware: Hackers Employ Devious Tactic to Steal Google Passwords
A new hacking campaign is using malware called StealC to steal Google account passwords from Chrome users. The attack locks users in a full-screen kiosk mode, preventing escape and displaying only a Google login window. The technique relies on user frustration to compel victims to enter their credentials voluntarily.
The credential-stealing campaign, which uses the StealC information stealer, combines browser manipulation with user frustration rather than any exploit of the browser itself.
The attack begins by launching the victim's Chrome browser in kiosk mode, a full-screen presentation mode that Chrome itself offers as a launch option: no address bar, tabs or window controls, so normal navigation is impossible. Crucially, the attackers also block the F11 and ESC keys, the usual ways of leaving a full-screen view. With the victim boxed in, the only thing visible on the screen is a login page, typically for their Google account. The lock is at the browser window level, not the operating system: Windows still honours Ctrl+Alt+Delete, so a user who recognises the situation can open Task Manager and end the Chrome process instead of signing in.
This method is a notable shift in the ongoing contest for access to Google accounts, which criminals prize because they often serve as gateways to sensitive information in Gmail inboxes or even crypto-wallet passphrases. Where previous attacks have employed sophisticated techniques such as optical character recognition or SMS interception, this campaign takes a surprisingly simple yet effective approach: annoying users into compliance.
The Open Analysis Lab (OALabs) researchers, who uncovered the campaign, report that it has been active since at least 22 August. Their analysis confirms that the attackers essentially force victims to enter their credentials into the browser, from which the malware can then steal them.
Interestingly, the initial 'credential flusher' component of the attack isn't responsible for stealing the credentials at all. Its only job is to apply enough pressure that the victim signs in voluntarily. Once the victim has logged in and the credentials sit in Chrome's saved-password store, the StealC malware is deployed to harvest them from that store and transmit them to the attackers. In other words, the flusher manufactures the data that a stealer of this kind expects to find on disk.
The researchers note that this campaign chains existing tools and techniques rather than anything novel. At its core is Amadey, a loader that has been in circulation for at least six years and that is responsible for loading the other components. The Loader Insight Agency, a threat-intelligence partner of OALabs, helped map out the typical attack sequence.
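A defender's view of the sequence described above is that the kiosk-mode launch is the observable part: the flusher has to start the browser with a full-screen switch and a login URL on its command line, and that command line shows up in ordinary process-creation telemetry. The following is an added example, not code from the Forbes article or from OALabs, that scores Sysmon-style process-creation records for exactly that pattern. The `--kiosk` and `--start-fullscreen` switches are real Chromium switches; the event records are constructed for the example, and the login-host list, the trusted-parent rule and the severity labels are this example's own assumptions. It generalises slightly beyond the article by also matching other Chromium-based browsers that accept the same switches. It cannot see the key blocking, so it only catches the launch, not the hotkey hook.

```python
import re
from urllib.parse import urlparse

# Chromium command-line switches that produce a full-screen, chrome-less window.
# Both switches are real; LOGIN_HOSTS and the severity scheme are assumptions of
# this example, tune them to your environment.
KIOSK_SWITCHES = {"--kiosk", "--start-fullscreen"}
LOGIN_HOSTS = {"accounts.google.com"}
BROWSER_RE = re.compile(r"(?:^|\\)(?:chrome|msedge|chromium|brave)\.exe$", re.IGNORECASE)
TRUSTED_PARENT_SUFFIX = "\\explorer.exe"   # user double-clicked a shortcut
SWITCH_RE = re.compile(r"(?<!\S)--[A-Za-z0-9-]+")
URL_RE = re.compile(r"""https?://[^\s"']+""")

# Constructed Sysmon-style process-creation records (Event ID 1 fields); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://accounts.google.com/ServiceLogin',
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\flusher.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk http://signage.corp.example/dashboard',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default https://mail.google.com/',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://accounts.google.com/signin/v2/identifier',
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def classify(event):
    """Return a severity label for one process-creation event, or None if it is not of interest.

    high   : kiosk-mode browser pointed at a login host, started by something other than the shell
    medium : kiosk-mode browser pointed at a login host, started from explorer.exe
    low    : kiosk-mode browser pointed anywhere else (digital signage, kiosk apps)
    """
    if not BROWSER_RE.search(event.get("Image", "")):
        return None
    cmd = event.get("CommandLine", "")
    switches = {s.lower() for s in SWITCH_RE.findall(cmd)}
    if not switches & KIOSK_SWITCHES:
        return None
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(cmd)}
    from_shell = event.get("ParentImage", "").lower().endswith(TRUSTED_PARENT_SUFFIX)
    if hosts & LOGIN_HOSTS:
        return "medium" if from_shell else "high"
    return "low"


def scan(events):
    """Run classify() over a batch of events and return (severity, image, parent) for each hit."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, ev["Image"], ev.get("ParentImage", "")))
    return hits


if __name__ == "__main__":
    for severity, image, parent in scan(SAMPLE_EVENTS):
        print(f"{severity:6}  {image}  (parent: {parent})")
```

The parent-process rule is the part worth weighting most: a full-screen browser opened from a shortcut is how signage and exam kiosks normally start, whereas one spawned from a user's Temp directory with a Google sign-in URL is the flusher's signature as the article describes it. Pair the alert with a host-level response that ends the browser process, since the victim may have already entered a password by the time the event is triaged.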
Source: FORBES