Novel malware attack conducts kiosk mode credential theft

BleepingComputer reports that malicious payloads, particularly the Amadey malware, have been locking victims’ browsers into kiosk mode to lure them into entering their Google credentials, which are later exfiltrated by information-stealing malware.

Attacks in the campaign, which commenced in late August, involved the Amadey malware spreading a credential-flushing AutoIT script. The script launches a URL for changing Google account passwords in kiosk mode and sets parameters that prevent the user from escaping via the F11 and Escape keys, an analysis from OALABS revealed. Entering credentials on the Google password change URL then triggers exfiltration by the StealC infostealer, according to the researchers, who recommended trying other hotkey combinations, including ‘Ctrl + Shift + Esc’, ‘Alt + Tab’, and ‘Ctrl + Alt + Delete’. Users impacted by the attack could also open the command prompt by pressing ‘Win Key + R’ and entering ‘cmd’, then kill the Chrome browser, or perform a hard reset of the impacted device.
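A defender-side check for the behaviour described above, as an added example that is not from the article or from OALABS: it flags process-creation events in which a browser is started with Chromium's `--kiosk` switch, by an unexpected parent process, on a sign-in host. The event field names, the host and parent lists, and the sample events are assumptions constructed for illustration.

```python
import shlex
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# Assumptions: sign-in hosts worth alerting on, and parents that normally
# start a browser for an interactive user. Tune both per environment.
CREDENTIAL_HOSTS = {"accounts.google.com"}
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}

def exe_name(path):
    return PureWindowsPath(path).name.lower()

def kiosk_reasons(event):
    """Reasons a process-creation event looks like a forced kiosk-mode login page."""
    if exe_name(event["image"]) not in BROWSERS:
        return []
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    args = [a.strip('"') for a in shlex.split(event["command_line"], posix=False)][1:]
    if "--kiosk" not in (a.lower() for a in args):
        return []
    reasons = ["browser started with --kiosk"]
    parent = exe_name(event["parent_image"])
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process: {parent}")
    for arg in args:
        url = urlsplit(arg)
        if url.scheme in ("http", "https") and url.hostname in CREDENTIAL_HOSTS:
            reasons.append(f"kiosk page is a credential form on {url.hostname}")
            break
    return reasons

def triage(events):
    """pid -> reasons for each flagged event; three reasons means every signal fired."""
    hits = ((ev["pid"], kiosk_reasons(ev)) for ev in events)
    return {pid: why for pid, why in hits if why}

# Constructed sample events (not taken from the report).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"pid": 101, "image": CHROME, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": f'"{CHROME}" https://accounts.google.com/'},
    {"pid": 202, "image": CHROME, "parent_image": r"C:\Users\u\AppData\Local\Temp\sample_loader.exe",
     "command_line": f'"{CHROME}" --kiosk https://accounts.google.com/'},
    {"pid": 303, "image": r"C:\Kiosk\msedge.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "msedge.exe --kiosk https://signage.example.internal/"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A legitimate signage kiosk (pid 303) yields a single reason, while the forced sign-in page (pid 202) yields all three, which is the combination worth alerting on.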

Source: Novel malware attack conducts kiosk mode credential theft

Copyright © 2022 Inventrium Magazine