Close Menu
Alpha Leaders
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
What's On
Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

8 July 2026
The 38-point framework two VCs use to spot the next unicorn founder

The 38-point framework two VCs use to spot the next unicorn founder

8 July 2026
The American Land, And The American People

The American Land, And The American People

8 July 2026
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Alpha Leaders
newsletter
  • Home
  • News
  • Leadership
  • Entrepreneurs
  • Business
  • Living
  • Innovation
  • More
    • Money & Finance
    • Web Stories
    • Global
    • Press Release
Alpha Leaders
Home » Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How
Innovation

Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How

Press RoomBy Press Room17 September 20248 Mins Read
Facebook Twitter Copy Link Pinterest LinkedIn Tumblr Email WhatsApp
Hackers Force Chrome Users To Hand Over Google Passwords. Here’s How

Update, Sept. 17, 2024: This story, originally published Sept. 15, now includes details of more credential-stealing threats targeting web browser users.

Newly published research has revealed how threat actors are using a devious new technique to force Chrome browser users to reveal their Google account passwords out of nothing more than sheer frustration. The credential-stealing campaign, which uses malware called StealC, locks the user’s browser in kiosk mode while blocking both the F11 and ESC keys to prevent them from escaping out of this full-screen mode. The only thing displayed on the browser screen while in this annoying and seemingly unescapable kiosk mode is a login window, most often for your Google account itself, according to the researchers.

How Hackers Use New Annoyance Technique To Steal Google Account Passwords

Threat actors have used many methods of gaining access to precious Google accounts, the key to your Gmail inbox and the security treasures contained within, or your crypto-wallet passphrase. Recently we have seen malware using optical character recognition to grab crypto passwords, and another that targets two-factor authentication codes by tricking users into giving permission to read SMS messages, for example. But now there’s a new player in town by the name of StealC, which uses perhaps the simplest yet most effective method of gaining access to Google account credentials: annoying the heck out of the victim.

The Open Analysis Lab researchers have revealed how the credential flushing campaign has been using the technique since at least August 22. In their analysis, the OALabs researchers confirmed that the hackers force the victim into entering their credentials into the browser from where the malware can then steal them. “The technique involves launching the victim’s browser in kiosk mode and navigating to the login page of the targeted service, usually Google,” the researchers said. Because kiosk mode is a full-screen deployment of the browser, and the victim is prevented from being able to navigate away from it or closing the app, only one option is made available to those unfortunate enough to get trapped this way: a Google Account login window.

Google Account Credential Flusher Is Not A Credential Stealer

Interestingly, the credential flusher itself isn’t actually a credential stealer. Instead, it just applies the necessary leverage to get the frustrated victim into entering their account credentials themselves. Once they have done that, then a bog-standard bit of credential-stealing malware, in this case StealC, deploys to grab the passwords from the Chrome browser’s credential store and deliver them to the attackers. In fact, the entire campaign is only possible by using a number of different known elements. Primarily the Amadey hacking tool, which has been in use for at least six years, that loads the malware. The OALabs researchers credit threat intelligence partners the Loader Insight Agency with helping to map put a typical attack roadmap:

  • The victim is infected with Amadey.
  • Amadey loads the StealC malware.
  • Amadey loads the credential flusher.
  • The credential flusher launches the browser, in kiosk mode.
  • The victim enters their login details and these are then stolen by the StealC malware.

New TrickMo Attack Seen Using Fake Login Screens And 2FA Code Grabber

If the StealC credential flushing campaign was not bad enough, it appears that Chrome users have another ongoing credential-stealing threat to worry about. Researchers with the threat intelligence team at fraud-detection specialists Cleafy have identified a new variant of a known banking Trojan called TrickMo that now pretends to be the Google Chrome web browser app for Android. Upon installing the rogue application, the victim will see a warning that Google Play needs updating and a dialog with a confirm button. This actually installs yet another app named Google Services, which requests, yes, you’ve guessed it, user permissions. Helpfully guiding the user through the process, it sends them to enable accessibility services for the app. Once done, this gives the attackers the elevated permissions required to intercept SMS messages and any two-factor authentication one-time codes delivered this way. TrickMo will also use an HTML overlay attack, essentially displaying a screen that looks like a genuine login to capture account credentials.

To evade detection by browser and device malware detection features, the new TrickMo variant will use a technique of malformed Zip archive files, which involves adding directories named in the same way as critical system files. “This clever obfuscation strategy can cause an unzip operation to overwrite these critical files, potentially hindering subsequent analysis,” the researchers said, adding that it also makes it harder for automated analysis tools used by cyber-defenders to examine the contents of the file as the “malformed structure can lead to errors or incomplete extractions, significantly complicating the analysis process.”

How To Mitigate Kiosk-Mode Attack And TrickMo Attacks

Although it can seem like something of a Sisyphean task, it is still possible to exit kiosk mode without access to the more obvious ESC or F11 keys on the keyboard, as Bleeping Computer advises.

Users are recommended to try hotkey combos of Alt + F4, Ctrl + Shift + Esc, Ctrl + Alt +Delete, and Alt +Tab which could enable you to get to your desktop and launch the Task Manager in order to kill the Chrome browser that way. Bleeping Computer also suggests using the Win Key + R combo to open a Windows command prompt from where Chrome can be killed with “taskkill /IM chrome.exe /F.”

Finally, there’s the nuclear option of a power button shutdown. If taking this approach, be sure to boot into Safe Mode with the F8 key and do a full system scan for the malware infection to prevent it happening again.

When mitigating an attack using the latest TrickMo variant, the advice is simple and oft-repeated: don’t download Android software from any source other than the official Play Store.

Windows Attack Chain Identified Using Two Zero-Day Vulnerabilites To Steal Passwords

It’s not only users of the Google Chrome web browser who need to be extra-vigilant this month; all browser users are facing new and particularly dangerous information-stealing threats, it would seem. The U.S. Cybersecurity and Infrastructure Security Agency, which describes itself as America’s cyber defense agency, has now added a Microsoft Windows zero-day vulnerability in a browser component used for backward compatibility to the Known Exploitation Catalogue. As mandated by Binding Operational Directive 22-01, this obligatory order aimed at federal, executive branch, departments and agencies, requires them to update their systems to patch all KEV entries within a short timeframe. In the case of CVE-2024-43461, that’s just three weeks, with October 7 being the target date.

CVE-2024-43461, was addressed by the latest Patch Tuesday security round-up from Microsoft, but has since been updated to zero-day status when it was discovered as already being exploited by the Void Banshee advanced persistent threat group as far back as July 2024. The vulnerability itself sits within the MSHTML browser engine, known as Trident, which is used by Microsoft for backward compatibility reasons for Windows users. To be technical, CVE-2024-43461 is actually part of an exploit chain and used in conjunction with a very similar vulnerability, CVE-2024-38112, that fixed in the July 2024 Patch Tuesday updates. These are both remote arbitrary code execution payload, MSHTML spoofing flaws.

By using Windows internet shortcut files, attackers were able to call upon the long-since deprecated and obsolete Internet Explorer web browser when clicked. This would direct the victim to a website or page that was under the control of the attacker and initiate the download of an HTML application file. When the user then clicks on this, and yes, it does involve a lot of user-clicking like most such exploits, to be honest, a script would be executed to install an information-stealing piece of malware known as Atlantida.

According to Trend Micro Zero Day Initiative researchers who first uncovered the exploit chain used in these attacks, the vulnerability exists within the way Internet Explorer prompts the user after a file is downloaded. “A crafted file name can cause the true file extension to be hidden, misleading the user into believing that the file type is harmless. An attacker can leverage this vulnerability to execute code in the context of the current user,” they said.

Microsoft confirmed that while it has retired Internet Explorer on most platforms, the underlying MSHTML, EdgeHTML and scripting platforms are still supported. “The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control,” it said. In order to ensure that they are fully protected against threats such as this chain being exploited by the Void Banshee group, Microsoft recommends users who install “security only” updates for such legacy applications also install the latest IE cumulative updates for this vulnerability.

Chrome Browser Hack Chrome Malware Chrome Security Google account hack Google Account Password Google Account Security Google Chrome Web Browser Kiosk Mode Attack StealC Google Attack
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link

Related Articles

Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

8 July 2026
The American Land, And The American People

The American Land, And The American People

8 July 2026
Rosie Rios And Others Celebrate

Rosie Rios And Others Celebrate

8 July 2026
NYT Connections Hints And Answers: Wednesday, July 8

NYT Connections Hints And Answers: Wednesday, July 8

8 July 2026
Frustrating Patchwork Of State-Level AI Laws Is Forcing AI Makers Into Devising Jurisdictionally Compliant Chatbot Models

Frustrating Patchwork Of State-Level AI Laws Is Forcing AI Makers Into Devising Jurisdictionally Compliant Chatbot Models

8 July 2026
10 Jobs That Are Safe Because Robots Cost Too Much

10 Jobs That Are Safe Because Robots Cost Too Much

8 July 2026
Don't Miss
Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

Unwrap Christmas Sustainably: How To Handle Gifts You Don’t Want

By Press Room27 December 2024

Every year, millions of people unwrap Christmas gifts that they do not love, need, or…

Exclusive: DeFi platform Azura launches after raising .9 million from Initialized

Exclusive: DeFi platform Azura launches after raising $6.9 million from Initialized

22 October 2024
Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

Sam Altman’s World Wants To Scan Your Eyes To Prove You’re Human

22 October 2024
Stay In Touch
  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • YouTube
  • Vimeo
Latest Articles
Rosie Rios And Others Celebrate

Rosie Rios And Others Celebrate

8 July 20262 Views
AI will disrupt millions of jobs. A century ago, America’s answer was to build a new high school

AI will disrupt millions of jobs. A century ago, America’s answer was to build a new high school

8 July 20262 Views
NYT Connections Hints And Answers: Wednesday, July 8

NYT Connections Hints And Answers: Wednesday, July 8

8 July 20261 Views
Billionaire soccer fan Ken Griffin on how he helped bring Team USA’s best World Cup run in 24 years

Billionaire soccer fan Ken Griffin on how he helped bring Team USA’s best World Cup run in 24 years

8 July 20262 Views

Recent Posts

  • Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026
  • The 38-point framework two VCs use to spot the next unicorn founder
  • The American Land, And The American People
  • Iran strikes U.S. military sites in the Gulf: global selloff in stocks, oil up
  • Rosie Rios And Others Celebrate

Recent Comments

No comments to show.
About Us
About Us

Alpha Leaders is your one-stop website for the latest Entrepreneurs and Leaders news and updates, follow us now to get the news that matters to you.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks
Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

Chinese Markets Signal Strong Headwinds For Smartphone Sales In 2026

8 July 2026
The 38-point framework two VCs use to spot the next unicorn founder

The 38-point framework two VCs use to spot the next unicorn founder

8 July 2026
The American Land, And The American People

The American Land, And The American People

8 July 2026
Most Popular
Iran strikes U.S. military sites in the Gulf: global selloff in stocks, oil up

Iran strikes U.S. military sites in the Gulf: global selloff in stocks, oil up

8 July 20261 Views
Rosie Rios And Others Celebrate

Rosie Rios And Others Celebrate

8 July 20262 Views
AI will disrupt millions of jobs. A century ago, America’s answer was to build a new high school

AI will disrupt millions of jobs. A century ago, America’s answer was to build a new high school

8 July 20262 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • March 2022
  • January 2021
  • March 2020
  • January 2020

Categories

  • Blog
  • Business
  • Entrepreneurs
  • Global
  • Innovation
  • Leadership
  • Living
  • Money & Finance
  • News
  • Press Release
© 2026 Alpha Leaders. All Rights Reserved.
  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.