Skip to main content

Don’t trust that Google sign-in — how hackers are swiping passwords in Chrome

Google Chrome browser running on Android Automotive in a car.
Google

Hackers are swiping passwords from Google accounts in Chrome, and it can happen from the official Google sign-in page. The vehicle being used is called the AutoIt Credential Flusher, and it was discovered by the researchers at OALabs. The attack locks you into your browser at the Google sign-in page and doesn’t allow you to leave, all while logging your email and password as you sign into your Google account.

The attack leverages “kiosk mode” in Chrome, which is a limited full-screen interface that doesn’t have elements like the address bar or navigation buttons. It’s used mainly for demonstration purposes — think a laptop on display at Best Buy. And this attack is using kiosk mode to annoy users enough that they give up their passwords. It also blocks some normal commands to exit full-screen mode, such as Esc and F11. 

What’s tricky about the attack is that it happens on the official Google sign-in page. It doesn’t redirect you to a fake sign-in page. Instead, the malware is abusing kiosk mode to lock you into signing into your Google account, and it leverages a piece of malware called StealC to swipe your credentials as you’re signing in. With this attack, it’s possible to pass along your Google account details without even suspecting that your PC is infected.

Worse, Google accounts are often tied to dozens of other accounts. Social sign-on features are available across hundreds of websites, allowing you to use your Google account to sign in — even Digital Trends has a Google sign-in feature. If an attacker steals your Google credentials, they could have access to your other accounts if you’ve engaged with these features.

If you find yourself locked on the Google sign-in screen, there are a few other hotkeys you can try. Alt + Tab will cycle through windows and allow you to close the Chrome window. Ctrl + Alt + Delete allows you to pull up Task Manager and end Chrome as a process. And Alt + F4 will immediately close any application. If all else fails, you can also hold down the power button on your PC. After you’ve exited, make sure to run a scan with antivirus software — read our Avast One Gold review if you’re looking for a simple antivirus option.

Although this attack is focused on Chrome, it can affect other browsers. The malware will try to lock any browser available on your PC in kiosk mode, including Microsoft Edge, which is built into Windows 11. The hotkeys above will work regardless of the browser, however.

Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
New phishing method looks just like the real thing, but it steals your passwords
A MacBook with Google Chrome loaded.

Thanks to a new phishing method, hackers could steal all sorts of personal information by simply mimicking real login forms in Application Mode. This is a feature that's available in all Chromium-based browsers, which includes Google Chrome, Microsoft Edge, and Brave.

Using Application Mode allows threat actors to spread highly believable-looking local login forms that look like desktop applications. In reality, all inputs are sent to a malicious attacker.

Read more
Spellcheckers in Google Chrome could expose your passwords
Office computer with login asking for password and username.

If you like to be thorough and use an advanced spellchecker, we have some bad news -- your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

Read more
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more