Dangerous: a new campaign extracts passwords from the browser. Shut down your computer by viewing this page

We have seen on many occasions criminal activity that could be anticipated, and therefore avoided without falling victim to cybercrime. At other times, however, these techniques are harder to detect, and anyone can end up caught in the criminals' net at any moment. Without looking any further, a new malware campaign has unleashed chaos in the last few hours, threatening users' security by extracting Google passwords through their web browsers.

The situation described below is a clear example of why we should never let our guard down or relax, because that is precisely when cybercriminals get their chance to steal all our information. The truth is that many people have already been affected by the latest trick of a group of hackers, one that raised every alarm: malware that locks the web browser whenever users try to log in to legitimate websites.

This virus, called StealC, spreads via the Amadey network, a malware loader first deployed by hackers in 2018. In this way, those behind it harvest credentials from a set of computers they control. But how could they gain access to all our data?

- Stealing passwords in kiosk mode

OALABS researchers have uncovered a dangerous method that cybercriminals have been using since August 22, 2024: an AutoIt script is executed in order to flush out the passwords of affected users. Specifically, the attack consists of launching the web browser in kiosk mode, i.e. a full-screen mode in which the user cannot perform certain actions, such as minimizing or closing the window (the Esc and F11 keys have no effect) or even navigating to another page. The only apparent way to proceed is to enter your account login details.

Specifically, the chain works as follows. First, Amadey infects the device. Next, the StealC malware is downloaded from an external server. Finally, the AutoIt password cleaner is presented in kiosk mode, making the user believe they are on a completely legitimate website.

This usually happens on login pages, such as Google's, although it can also happen on any other domain that asks you to enter your most sensitive information. Once you enter your details, they are stolen.
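From a defender's point of view, the chain described above leaves a clear trace on the endpoint: a web browser being started with its kiosk switch, by a scripting host rather than by the user, and pointed at a login page. The following is an added detection example written for this article; it is not code from the article or from OALABS. It assumes a constructed, Sysmon-style export of process-creation records (one record per line, fields separated by `|`), the `--kiosk` command-line switch that Chromium-based browsers and Firefox accept, and `AutoIt3.exe` as the name of the stock AutoIt interpreter. Host names, paths and PIDs in the sample log are constructed.

```python
"""Flag browsers launched in kiosk mode from process-creation log records.

Constructed detection example: a browser started with --kiosk is only a
medium-severity signal (digital signage and exam software do it legitimately);
it is escalated when the parent is a scripting host such as AutoIt, or when
the kiosk URL points at a credential login page.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse

# Browsers known to honour a --kiosk switch (Chromium family and Firefox).
KIOSK_CAPABLE_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Parents that make a kiosk launch suspicious. AutoIt3.exe is the stock
# AutoIt interpreter (assumed name); the others are common script hosts.
SUSPICIOUS_PARENTS = {"autoit3.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

# Login hosts worth escalating on; Google is the one named in the article.
CREDENTIAL_HOSTS = ("accounts.google.com",)

# Match the bare --kiosk switch (optionally --kiosk=...), but not --kiosk-printing.
KIOSK_SWITCH = re.compile(r"(?:^|\s)--kiosk(?:=|\s|$)", re.IGNORECASE)
URL_PATTERN = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    image: str
    parent_image: str
    url: str
    severity: str
    reasons: List[str]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_credential_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in CREDENTIAL_HOSTS)


def analyse_event(pid: int, parent_image: str, image: str, command_line: str) -> Optional[Finding]:
    """Return a Finding for a kiosk-mode browser launch, or None if benign."""
    if _basename(image) not in KIOSK_CAPABLE_BROWSERS:
        return None
    if not KIOSK_SWITCH.search(command_line):
        return None

    urls = URL_PATTERN.findall(command_line)
    url = urls[0] if urls else ""
    reasons = ["browser started with --kiosk"]
    score = 1

    parent = _basename(parent_image)
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"launched by scripting host {parent}")
        score += 1
    if _is_credential_host(url):
        reasons.append(f"kiosk URL points at credential page {urlparse(url).hostname}")
        score += 1

    severity = {1: "medium", 2: "high", 3: "critical"}[score]
    return Finding(pid, image, parent_image, url, severity, reasons)


def scan_log(lines: Iterable[str]) -> List[Finding]:
    """Parse 'pid|parent_image|image|command_line' records and collect findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, parent_image, image, command_line = line.split("|", 3)
        finding = analyse_event(int(pid), parent_image, image, command_line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample export (field order: pid|parent_image|image|command_line).
SAMPLE_LOG = r"""
# record 1: browser forced into kiosk mode by an AutoIt interpreter, pointed at Google login
4120|C:\Users\victim\AppData\Local\Temp\AutoIt3.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://accounts.google.com/ServiceLogin
# record 2: ordinary user-started browser, no kiosk switch
4133|C:\Windows\explorer.exe|C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
# record 3: legitimate-looking kiosk (signage dashboard), started from the shell
4150|C:\Windows\explorer.exe|C:\Program Files\Google\Chrome\Application\chrome.exe|"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk http://signage.example.local/board
# record 4: kiosk aimed at a login page, but parent is the normal shell
4162|C:\Windows\explorer.exe|C:\Program Files\Mozilla Firefox\firefox.exe|"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://accounts.google.com/
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity.upper()}] pid={f.pid} {_basename(f.image)} <- {_basename(f.parent_image)}: {'; '.join(f.reasons)}")
```

The scoring deliberately keeps a lone `--kiosk` launch at medium severity so that genuine kiosk deployments do not flood the queue; the combination the article describes (script-host parent plus a login URL) is what reaches critical. In production the same logic would read Sysmon Event ID 1 or EDR process telemetry instead of the constructed export.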

- How to exit kiosk mode?

As mentioned above, if you find yourself in this situation you will not be able to exit kiosk mode in the usual way, since the most common keys for closing windows, such as Esc or F11, will not work. What you can do, however, is refuse to fill in any form with your personal data.

Another way out of kiosk mode is to try hotkey combinations such as Alt+F4, Ctrl+Shift+Esc, Ctrl+Alt+Del or Alt+Tab. These can get you safely back to the desktop, where you can close the browser immediately from Task Manager by selecting End Task. If all else fails, close your browser immediately.
