In a rather unconventional approach, a malware campaign has emerged that traps users in their browser’s kiosk mode, creating an environment of frustration designed to coerce them into revealing their Google credentials. This cunning tactic involves the malware locking the browser on the Google login page, rendering it nearly impossible for users to exit the window. The attackers have cleverly turned off the ESC and F11 keys, further entrenching their victims in this digital snare.
The underlying objective is clear: to irritate users to such an extent that they feel compelled to input and save their Google login details in hopes of regaining control over their browsers. Once these credentials are stored, the StealC information-stealing malware springs into action, extracting the sensitive data from the credential store and transmitting it straight back to its creator.
Research conducted by OALABS has revealed that this bizarre method of attack has been active since at least August 22, 2024. It is primarily associated with Amadey, a notorious malware loader and info-stealer that also functions as a system reconnaissance tool. First introduced by cybercriminals in 2018, Amadey deploys an AutoIt script upon execution. This script functions as a credentials flusher, scanning infected machines for accessible browsers before launching one in kiosk mode directed at a predetermined URL.
The script includes specific commands that launch either Chrome or Edge in kiosk mode on the Google login page while simultaneously configuring the browser to ignore inputs from both F11 and Escape keys—effectively trapping users within this restricted environment.
Kiosk mode itself is typically intended for scenarios where user interaction needs to be limited—such as public kiosks or demonstration terminals—allowing applications or web pages to run full-screen without standard navigation elements like toolbars or address bars. However, in this instance involving Amadey, kiosk mode is maliciously exploited to confine user actions solely to the login page, leaving them with little choice but to enter their account information under duress.
If you find yourself in a bind, consider experimenting with various hotkey combinations like ‘Alt F4’, ‘Ctrl Shift Esc’, ‘Ctrl Alt Delete’, and ‘Alt-Tab.’ These shortcuts help you bring the desktop to the forefront, switch between open applications, or even open the Task Manager to close your browser forcefully. To access the Windows command prompt, press’ Win Key R’ and type in ‘cmd’. From there, you can terminate Chrome by entering ‘taskkill IM chrome.exe F.’
Should these measures fail you, a hard reset is always an option. Simply hold down the Power button until your computer powers off. While this could lead to unsaved work being lost, it’s still a preferable alternative to risking the theft of your account credentials. Upon restarting your machine, press F8 and choose Safe Mode. Once you’re back into your operating system, conduct a thorough antivirus scan to detect and eliminate any malware.
It’s important not to overlook any unexpected launches of kiosk mode browsers; such occurrences are abnormal and warrant attention. If you find yourself trapped in kiosk mode with neither Esc nor F11 providing relief, it’s vital to remain calm and refrain from entering any sensitive information into forms.
Remember that if all else fails, performing a hard reset is always an option—better safe than sorry when it comes to protecting your personal data.
Maxthon
Preventing malware phishing while using the Maxthon browser is crucial for maintaining your online security. Here are some effective strategies to enhance your protection.
First, always keep your Maxthon browser updated to the latest version. Updates often contain security patches that fix vulnerabilities.
Next, enable the built-in ad and script blocker features. These tools can prevent malicious ads and scripts from loading on web pages, significantly reducing phishing risks.
Additionally, you can use the Maxthon Browser’s privacy settings to control cookies and tracking. Lowering these settings can help minimize data exposure.
Be cautious about downloading extensions or add-ons. Only install those from trusted sources, as malicious extensions can compromise your system.
Moreover, familiarize yourself with common phishing tactics. Constantly scrutinize URLs for suspicious links and avoid entering personal information on unfamiliar websites.
Finally, consider using a reliable antivirus program alongside your browser. This extra layer of security can help detect and block potential threats before they impact your device.