New Windows Malware Locks Computer in Kiosk Mode

Clever:

A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.

I’m sure this works often enough to be a useful ploy.

Posted on September 25, 2024 at 7:00 AM • 4 Comments
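A defender-side sketch of how the behaviour described in the post could be spotted in process-creation telemetry, added here as an example and not taken from the post or the article it quotes. It assumes the browser is started with the `--kiosk` command-line switch and that events carry Sysmon-style `Image`, `CommandLine` and `ParentImage` fields; the host list, the parent allow-list and the sample events are constructed.

```python
import re
from urllib.parse import urlsplit

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
KIOSK_FLAG = re.compile(r"(?<!\S)--?kiosk(?=\s|$)", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Assumption: sign-in hosts worth flagging; extend for your own identity providers.
LOGIN_HOSTS = {"accounts.google.com"}
# Assumption: parents that legitimately start a kiosk browser in this estate.
EXPECTED_PARENTS = {"explorer.exe"}

def basename(path):
    # Last component of a Windows or POSIX path, lower-cased, quotes stripped.
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def assess(event):
    """Return the reasons a process-creation event looks like a forced kiosk login."""
    if basename(event["Image"]) not in BROWSERS:
        return []
    cmd = event["CommandLine"]
    if not KIOSK_FLAG.search(cmd):
        return []
    reasons = ["browser started in kiosk mode"]
    hosts = {(urlsplit(u).hostname or "").lower() for u in URL.findall(cmd)}
    if hosts & LOGIN_HOSTS:
        reasons.append("kiosk window opens a sign-in page")
    parent = basename(event["ParentImage"])
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process {parent}")
    return reasons

def triage(events):
    """Keep events with two or more reasons, so ordinary kiosks are not flagged."""
    scored = ((e["Image"], assess(e)) for e in events)
    return [(image, why) for image, why in scored if len(why) >= 2]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Constructed sample events, not real telemetry.
SAMPLE = [
    {"Image": CHROME, "ParentImage": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "CommandLine": f'"{CHROME}" --kiosk https://accounts.google.com/'},
    {"Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{CHROME}" https://accounts.google.com/'},
    {"Image": EDGE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{EDGE}" --kiosk https://intranet.example/board'},
]

if __name__ == "__main__":
    for image, why in triage(SAMPLE):
        print(basename(image), "->", "; ".join(why))
```

Requiring two corroborating reasons keeps a deliberately configured kiosk (the third sample event) out of the results while still surfacing a kiosk-mode sign-in page started by an unfamiliar parent.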

Comments

jbmartin6 September 25, 2024 7:45 AM

Similar to what fake AV alert attacks have been doing. Who thought that allowing content of unknown origin to control which keys the user can press was a good idea?

Clive Robinson September 25, 2024 10:22 PM

Further proof if required that authentication tokens should always be dynamic and the equivalent of “one time” on the wire.

And that “passwords / passphrases” and similar static “human memorable” authentication tokens should only ever be used on devices that can not be connected to any kind of device that connects to any kind of communications.

Babi September 27, 2024 2:21 PM

Disconnect your internet first by clicking on keyboard keys or wires. Then use Control+Alt+Del to close the browser or turn off Windows.
