Hackers are swiping passwords from Google accounts in Chrome, and it can happen from the official Google sign-in page. The vehicle being used is called the AutoIt Credential Flusher, and it was discovered by the researchers at OALabs. The attack locks you into your browser at the Google sign-in page and doesn’t allow you to leave, all while logging your email and password as you sign into your Google account.
The attack leverages “kiosk mode” in Chrome, which is a limited full-screen interface that doesn’t have elements like the address bar or navigation buttons. It’s used mainly for demonstration purposes — think a laptop on display at Best Buy. And this attack is using kiosk mode to annoy users enough that they give up their passwords. It also blocks some normal commands to exit full-screen mode, such as Esc and F11.
What’s tricky about the attack is that it happens on the official Google sign-in page. It doesn’t redirect you to a fake sign-in page. Instead, the malware is abusing kiosk mode to lock you into signing into your Google account, and it leverages a piece of malware called StealC to swipe your credentials as you’re signing in. With this attack, it’s possible to pass along your Google account details without even suspecting that your PC is infected.
Worse, Google accounts are often tied to dozens of other accounts. Social sign-on features are available across hundreds of websites, allowing you to use your Google account to sign in — even Digital Trends has a Google sign-in feature. If an attacker steals your Google credentials, they could have access to your other accounts if you’ve engaged with these features.
If you find yourself locked on the Google sign-in screen, there are a few other hotkeys you can try. Alt + Tab will cycle through windows and allow you to close the Chrome window. Ctrl + Alt + Delete allows you to pull up Task Manager and end Chrome as a process. And Alt + F4 will immediately close any application. If all else fails, you can also hold down the power button on your PC. After you’ve exited, make sure to run a scan with antivirus software — read our Avast One Gold review if you’re looking for a simple antivirus option.
Although this attack is focused on Chrome, it can affect other browsers. The malware will try to lock any browser available on your PC in kiosk mode, including Microsoft Edge, which is built into Windows 11. The hotkeys above will work regardless of the browser, however.