Beware of This New Malware Disguised as a Google Login Page

Bleeping Computer reports (via Tom’s Guide) on new malware that aims to steal your Google credentials by locking your browser in kiosk mode. By freezing your browser on a Google login page, it prompts you to enter your login info, which it steals and sends to the attacker. It also specifically locks your Esc and F11 keys, which could otherwise have been your go-to combo to escape the situation.

Kiosk mode, as the name suggests, is a dedicated mode designed for public booths or working stations. It disables the device so that it is forced to run just one program, the one that the kiosk is intended for.

The malware will randomly lock your device in kiosk mode by displaying a Google login page on your browser. Given the lack of options and the inability to use the Esc + F11 keyboard shortcut, you’d be tempted to simply give it your credentials to move on with your work. This malware’s scheme is to cash in on your frustration by exploiting kiosk mode.

The attack takes the user to a URL that leads to a Google change password page. Here, the victim enters their current and new passwords, giving an info-stealer access to both.

The report mentions that Amadey, a malware loader tool, is behind this attack and has been deployed for this task since August 22, 2024. The tool has generally been used for other cyber attacks since 2018. The credentials you enter are stolen by StealC, an info-stealer launched in early 2023.

How to bypass it

If you find yourself at the misfortune of this malware, you can try using alternative hotkey combos. Bleeping Computer suggests Alt + F4, Ctrl + Shift + Esc, Ctrl + Alt +Delete, and Alt +Tab. They add that one of these might let you cycle through running apps or trigger the Task Manager so you can shut your browser. They also recommend the Window key + R combo that launches the Windows command prompt. If you’re successful, and the prompt appears in a little box on its usual bottom-left corner of your screen, enter ‘cmd’ and then ‘taskkill /IM chrome.exe /F’ to terminate Chrome.

The report also mentions that you can always hard reset your device by holding down the Power button. This will lead to the unfortunate but inevitable outcome of losing all your work, but that’s nothing compared to having your Google credentials stolen. When you’re back from the reboot and your device is up and running as usual, make sure to run an antivirus scan first to eliminate the malware.