A new hacking technique is targeting Google accounts through Chrome, and it can happen even on the official Google sign-in page. Researchers at OALabs have discovered a method known as the AutoIt Credential Flusher. This attack traps users on the Google sign-in page, preventing them from leaving while capturing their email and password information as they log into their Google accounts.
The attack exploits the “kiosk mode” feature in Chrome, which provides a limited full-screen display without certain elements like the address bar or navigation buttons. Typically used for demonstrations, this mode is now being used maliciously to trick users into revealing their passwords. It also blocks common exit commands such as Esc and F11.
Unlike typical phishing attacks that redirect users to fake sign-in pages, this attack occurs on the legitimate Google sign-in page. By leveraging kiosk mode, the malware locks users into the sign-in process and utilizes a malware known as StealC to steal their credentials during the authentication process. This stealthy attack can compromise Google account details without the user realizing their device has been infected.
Furthermore, Google accounts are often linked to numerous other accounts through social sign-on features, making them a prime target for attackers. If your Google credentials are compromised, the attacker may gain access to various other services linked to your account, including popular websites that use Google sign-in methods.
If you find yourself stuck on the Google sign-in screen, there are alternate hotkeys you can try to break free. Pressing Alt + Tab cycles through windows, allowing you to close the Chrome tab. Ctrl + Alt + Delete brings up the Task Manager to end Chrome as a process, while Alt + F4 closes the active application. In worst-case scenarios, powering off your device may be necessary. After escaping the malicious trap, running a thorough antivirus scan is recommended to ensure your system is secure.
While this attack primarily targets Chrome, it can impact other browsers as well. The malware attempts to force any available browser into kiosk mode, including Microsoft Edge on Windows 11. The provided hotkeys can help users free themselves from the trap regardless of the browser being used.
