Cybersecurity experts have identified a new and insidious method for stealing Google credentials, one that leverages Chrome’s Kiosk Mode to stage a fake login page that could catch many users off guard. As detailed in a report by OALabs, the attack combines two techniques, locking the user into a full-screen browser window and harvesting whatever they type into it, to trap them in a phishing scenario they cannot easily escape.
The attack starts with a Windows program that launches Chrome in Kiosk Mode on a counterfeit Google login page. Kiosk Mode is typically used for self-service kiosks: it renders the browser full-screen and prevents users from reaching other applications or leaving the browser by conventional means such as the F11 key. The result is a frustrating situation in which users feel compelled to interact with the only thing on screen: the fake login page.
Users are led to believe they must enter their Google credentials to proceed, and once they do, the data is harvested by a second program and sent directly to the attacker. This gives the attacker access to the victim’s Google account and the ability to lock the victim out by changing the password, cutting off Gmail and any third-party services that sign in through Google.
While this tactic has predominantly been seen targeting Chrome, it can be applied to other browsers with similar Kiosk Mode features. Users familiar with Windows may recognize the Ctrl + Alt + Delete shortcut as a means to access the Task Manager and terminate the malicious browser process, but even experienced users might fall victim to the immediate pressure of a full-screen prompt.
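For defenders, the launch pattern described above (a non-browser program starting Chrome in Kiosk Mode on a Google-lookalike login URL) is visible in ordinary process-creation telemetry. The following Python is an added example and not code from the report or from OALabs: the process records, the parent-process allow-list and the lookalike rule are constructed assumptions, while `--kiosk` is Chrome's real command-line switch for Kiosk Mode.

```python
import re
from urllib.parse import urlparse

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed process-creation records (not real telemetry): parent image, launched image, command line.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": CHROME,
     "cmdline": f'"{CHROME}" --profile-directory=Default'},
    {"parent": r"C:\Users\victim\Downloads\update_setup.exe", "image": CHROME,
     "cmdline": f'"{CHROME}" --kiosk --incognito https://accounts.google.com.verify-login.example/signin'},
    {"parent": r"C:\Windows\explorer.exe", "image": CHROME,
     "cmdline": f'"{CHROME}" --kiosk https://intranet.example/dashboard'},  # legitimate kiosk use
]

TRUSTED_PARENTS = {"explorer.exe", "chrome.exe", "svchost.exe"}  # hypothetical allow-list
GOOGLE_LOGIN_HOSTS = {"accounts.google.com"}

def tokenize(cmdline):
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def first_url(tokens):
    """Return the first URL passed to the browser, either bare or via --app=URL."""
    for t in tokens:
        if t.startswith(("http://", "https://")):
            return t
        if t.startswith("--app=") and t[6:].startswith(("http://", "https://")):
            return t[6:]
    return None

def is_google_lookalike(url):
    """True when the host mentions 'google' but is not actually under google.com."""
    host = (urlparse(url).hostname or "").lower()
    if host in GOOGLE_LOGIN_HOSTS or host == "google.com" or host.endswith(".google.com"):
        return False
    return "google" in host

def classify(event):
    """Collect the indicators present in one process-creation record."""
    tokens = tokenize(event["cmdline"])
    reasons = []
    if "--kiosk" in tokens:
        reasons.append("kiosk_mode")
    if event["parent"].rsplit("\\", 1)[-1].lower() not in TRUSTED_PARENTS:
        reasons.append("untrusted_parent")
    url = first_url(tokens)
    if url and is_google_lookalike(url):
        reasons.append("google_lookalike_url")
    return reasons

def find_suspicious(events):
    """Flag kiosk launches only when at least one further indicator is present."""
    return [(i, r) for i, ev in enumerate(events)
            if "kiosk_mode" in (r := classify(ev)) and len(r) >= 2]
```

Running `find_suspicious(SAMPLE_EVENTS)` flags only the second record; the intranet kiosk launched by Explorer is left alone, which is the point of requiring a second indicator.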
To protect yourself from this type of credential theft, always verify the source of your downloads and treat unexpected prompts with suspicion. If you are confronted with an unanticipated full-screen Google login page, do not enter anything: get out of it first (Ctrl + Alt + Delete and the Task Manager will end the browser process) and then run a full antivirus scan to find whatever launched it.