Researchers from OALABS, a company dedicated to analyzing malware, have identified a new online scam. It uses a feature from Google Chrome, Kiosk mode, to lock the screen and keep users from doing anything but enter their password. If the password is entered, hackers are able to steal it.
In the worse-case scenario, cybercriminals could change your password immediately, locking you out of your account and gaining access to your personal information.
According to PC World, this new scam is a combination of two techniques.
First, a Windows program loads a false Google login page and then activates Kiosk mode. Kiosk mode is used in public settings, where users must log in to individual accounts, and cannot view other users’ information. This mode should not be appearing on personal devices. The full-screen page prevents users from accessing any other programs.
Next, another program stores the Google login data and transmits it to the hacker. This malware, called “Steal C,” is a recent innovation.
What to do if you encounter this:
The usual “escape” and F11 keys may be disabled in this full-screen Kiosk mode. However, pressing “Control + Alt + Delete” should still bring you to the Task Manager, and allow you to shut this program down. You can also restart the computer. Afterwards, make sure that you contact ASIS, and we will run a full virus scan.