A new and cunning hacking method is making waves, and it’s as bothersome as it is clever. Recent reports reveal that attackers are exploiting Chrome’s Kiosk Mode to take control of the browser, forcing it into full-screen and preventing any other interactions until you enter your Google password. Unfortunately, once you do, your credentials are promptly stolen.
According to a report from OALabs, this novel attack strategy for acquiring Google credentials combines two distinct techniques. Initially, a malicious Windows program opens a counterfeit Google login page in Chrome and activates Kiosk Mode. This feature displays the page in full-screen and restricts navigation to other applications, mimicking the experience of a self-service retail kiosk. Even tech-savvy users might struggle to escape this mode, as certain commands (like F11 to exit full-screen) are disabled.
On this counterfeit page, your only option is to input your Google login and password. Once submitted, another program captures this data and sends it to a remote hacker. In a worst-case scenario, the hacker could change your password, effectively locking you out of Gmail and any related accounts, including third-party services utilizing Google’s login features.
This malicious tactic is a formidable one-two punch for identity thieves. Although primarily focused on Chrome, the attack can also target other browsers equipped with similar Kiosk Mode functionalities.
While experienced Windows users may find ways to bypass the login prompt—using Ctrl + Alt + Delete to access Task Manager and close the browser, for instance—this direct approach is frustrating enough that even long-time PC users might inadvertently enter their Google passwords out of habit.
Always exercise caution when downloading software and remain aware of where you’re obtaining it. If you encounter an unexpected full-screen Google login page, the first step (after escaping) should be to conduct a thorough virus scan.