Forbes reports:
Newly published research has revealed how threat actors are using a devious new technique to force Chrome browser users to reveal their Google account passwords out of nothing more than sheer frustration. The credential-stealing campaign, which uses malware called StealC, locks the user’s browser in kiosk mode while blocking both the F11 and ESC keys to prevent them from escaping out of this full-screen mode. The only thing displayed on the browser screen while in this annoying and seemingly unescapable kiosk mode is a login window, most often for your Google account itself, according to the researchers.
The Open Analysis Lab researchers have revealed how the credential flushing campaign has been using the technique since at least August 22. In their analysis, the OALabs researchers confirmed that the hackers force the victim into entering their credentials into the browser from where the malware can then steal them.
Read more at Forbes.