A new malware campaign has emerged in the tech world, employing an unconventional method to trap users in their browsers’ kiosk mode. This tactic is intended to pressure users into entering their Google credentials, which are then captured by information-stealing malware.
Specifically, the malware confines the user’s browser to Google’s login page, providing no straightforward means to exit. It also disables the “ESC” and “F11” keys to prevent users from closing the window.
The malicious actors aim to frustrate users sufficiently to encourage them to enter and save their Google credentials in the browser, falsely promising that this action will “unlock” their computers.
Once the credentials are stored, the StealC information-stealing malware retrieves them from the credential store and transmits them to the attacker.
Residents of Fiji experiencing this issue are advised not to enter their credentials and to ensure their anti-virus programs are updated on their devices.