Security experts have discovered a new malware whose aim is to steal login data. Once the malware is on the computer, the attackers use your browser’s kiosk mode to steal sensitive data such as passwords.
If this happens, you should become suspicious:
- Your browser will start in kiosk mode.
- The login page of a popular service, for example Google, is displayed.
- If you enter your access data here, it will be intercepted.
0:57
Google Chrome – How to turn websites into apps
Good to know: Kiosk mode is a special full-screen mode of the browser. It offers limited access and control.
In this mode, the browser does not display an address bar or other navigation elements or options to close the window. It is not clear to the user which page he is on.
Closing is also more difficult because icons like close or minimize are missing.
Google Chrome can easily be started in kiosk mode using the –kiosk parameter.
This is how the attack works
- According to security experts from Open Analysis
- As soon as the computer is infected, additional components are downloaded.
- One of them then starts the browser in kiosk mode and displays a real login page.
- If the user enters the data here, it will be saved on the system.
- The data is collected and transmitted using another module.
The method by which the infection occurs is not disclosed. It is conceivable that it is spread as an attachment to emails, via chat, or software downloads.
How to exit kiosk mode
There are several methods to exit kiosk mode:
- Use the key combination Alt-F4 to close the browser.
- Pressing the Windows key displays the taskbar. Right-clicking on the browser icon and selecting Exit closes the program.
- Use the Ctrl-Shift-Esc keys to open the task manager. You can also end the process here.
- You can use Alt-Tab to switch to other open programs.
Removing the virus should then be the highest priority. Current virus scanners such as Microsoft Defender, Malwarebytes or Avast should detect the virus and render it harmless.