Connect with us

Hi, what are you looking for?

News

Sophisticated Hack Targets Google Credentials via Chrome’s Kiosk Mode, Trapping Users on Fake Login Page

Sophisticated Hack Targets Google Credentials via Chrome’s Kiosk Mode, Trapping Users on Fake Login Page
Sophisticated Hack Targets Google Credentials via Chrome’s Kiosk Mode, Trapping Users on Fake Login Page

A new and sophisticated hacking method is gaining traction, targeting users through Chrome’s Kiosk Mode. This attack strategy takes advantage of Chrome’s full-screen mode to trap users on a fake Google login page. Once trapped, users are prompted to enter their Google credentials, which are then captured by the attackers. The result is stolen login information that could lead to compromised Gmail and associated accounts.

According to a report from OALabs, the method involves a two-part attack. First, a Windows application presents a counterfeit Google login page within Chrome. The app then activates Chrome’s Kiosk Mode, which locks the browser in full-screen mode, preventing users from switching to other programs or accessing system functions like the F11 key. This restriction is designed to trap users on the fake page.

Sophisticated Hack Targets Google Credentials via Chrome’s Kiosk Mode, Trapping Users on Fake Login Page

Sophisticated Hack Targets Google Credentials via Chrome’s Kiosk Mode, Trapping Users on Fake Login Page

Users are only able to interact with the dummy login page, where they are prompted to enter their Google username and password. Once entered, this information is intercepted by a separate program controlled by the hacker. The immediate risk is that the hacker could change the user’s password, thereby locking them out of Gmail and any services linked to their Google account.

This method is particularly alarming because of its direct approach and potential to affect users beyond Chrome, as other browsers with similar Kiosk Mode features could also be exploited. The attack represents a clever blending of social engineering and technical manipulation to deceive users into revealing sensitive information.

To protect against this type of attack, users should exercise caution when downloading programs and be wary of unexpected full-screen login prompts. If such a situation arises, it’s crucial to exit the full-screen mode and run a virus scan to ensure the system is secure.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Tech

Threads is experimenting with a new feature that allows users to set a 24-hour timer on their posts. After this period, the post and...

News

AU10TIX, an Israeli company that verifies IDs for clients like TikTok, X, and Uber, accidentally left important admin credentials exposed for over a year....

Tech

A team of international researchers has developed Live2Diff, an AI system that transforms live video streams into stylized content in near real-time. Named for...

Tech

Amazon Web Services (AWS) recently unveiled several innovations aimed at enhancing the development and deployment of generative AI applications, addressing concerns around accuracy and...