• Latest
  • All
  • How To
Google Chrome web browser security flaw patch

Credential-Stealing Threats Affecting Chrome Users

September 17, 2024
Facebook

New Facebook Rules Penalize Reposts and Low-Effort Content

July 15, 2025
Bonga Points

Safaricom Suffers Court Setback Over Bonga Points Expiry Ban

July 15, 2025
tecno spark 40 pro plus

Pre-Orders Open for TECNO Spark 40 Pro on Jumia with Discount

July 15, 2025
Infinix Hot 60 Pro+

Infinix Readying Hot 60 Pro+ Launch in Kenya

July 15, 2025
DHgate Tablet Cases deals
airtel

Airtel Grows Faster Than Safaricom As It Hits 24 Million Users

July 15, 2025
Grok

Meet Ani: The New Grok Anime Companion Rated NSFW

July 15, 2025
Kenya National Digital Token

Kenya Launches First National Digital Token on Solana

July 14, 2025
lipa later

Three Companies Enter Bid Race To Acquire Lipa Later

July 14, 2025
Inter-institutional transfers

How to Apply for KUCCPS Inter-Institutional Transfer in 2025

July 14, 2025
Play AI

Meta Has Acquired a Startup That Makes AI Voices Sound Human

July 14, 2025
A18 Chip

The Next MacBook Could Be Powered by iPhone’s A18 Chip

July 14, 2025
Cyber attacks on insurance companies

Kenyan Insurance Companies Ordered to Report Cyber Attacks Within 24 Hours

July 12, 2025
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
  • News
  • Entertainment
  • Reviews
  • Features
  • Editorial
No Result
View All Result
Techweez | Tech News, Reviews, Deals, Tips and How To
No Result
View All Result

Credential-Stealing Threats Affecting Chrome Users

Naftary Thitu by Naftary Thitu
September 17, 2024
in News
Reading Time: 3 mins read
285
0
Google Chrome web browser security flaw patch

As of September 17, 2024, recent research has uncovered a disturbing development in the ongoing credential-stealing campaign targeting Chrome users. Initially reported on September 15, this story now includes additional insights into the sophisticated tactics employed by cybercriminals.

New technique

The newly discovered malware, known as StealC, utilizes a cunning method to persuade users into disclosing their Google account passwords. The attack operates by locking the browser into a persistent kiosk mode.

What is kiosk mode?

Kiosk mode is offered by browser applications to run the application full screen without any browser user interface such as toolbars and menus. Kiosk mode typically operates in full-screen mode, preventing users from accessing other applications, windows, or system functions.

In this state, users are unable to exit the full-screen mode using the usual escape keys, such as F11 or ESC. This effectively traps the user within a single, full-screen window displaying a login prompt—usually for their Google account.

Details of the Attack

  • Kiosk Mode Lockdown: The malware forces Chrome into a full-screen kiosk mode that is resistant to common exit methods. The design frustrates users and creates a sense of urgency or panic, prompting them to enter their credentials to regain control of their browser.
  • Phishing Login Window:

In this mode, users face a login window that looks legitimate, often mimicking the original. This deception is intended to capture the user’s Google credentials as they attempt to resolve the issue.

Once the victim inputs their password in the phishing window, his/her credentials are stolen. This leads to unauthorized access to the user google account. With access to the Google account, attackers can conduct malicious activities, including; accessing sensitive information, conducting identity theft, or further compromising other accounts connected to Google services.

Recommended ways to mitigate the attack

Update Browser and Security Software: Ensure that Chrome and all security software are up-to-date with the latest patches and updates to protect against vulnerabilities.

Avoid Suspicious Links and Prompts: Be cautious of any unusual prompts or login windows that appear unexpectedly, especially those that force the browser into full-screen mode.

Change Passwords Immediately: If you suspect your credentials are compromised, change your Google account password right away and update passwords for any other affected accounts

Enable Two-Factor Authentication (2FA): Adding 2FA provides an additional layer of security, making it more difficult for attackers to gain unauthorized access.

Seek Professional Help: If you have been a victim of this attack, consider contacting cybersecurity professionals to assess and mitigate any potential damage.

Exiting the Kiosk Mode

Users who find themselves locked in kiosk mode, with neither the Esc nor F11 keys functioning, should remain calm and refrain from entering any sensitive information into forms.

Instead, try other hotkey combos like  ‘Alt + F4’, ‘Ctrl + Shift + Esc’, ‘Ctrl + Alt +Delete’, and ‘Alt +Tab.’ Those may help bring the desktop to the foreground, cycle through open apps, and launch the Task Manager to End Task.

Tags: Google
SendShare165Tweet103
Naftary Thitu

Naftary Thitu

Tech enthusiast and ICT guru by trade, I've swapped debugging code for decoding tech trends. When I’m not wrangling with cybersecurity conundrums or geeking out over the latest gadgets, I’m busy turning techie mumbo jumbo into engaging, often hilarious, articles. Email: [email protected]

Related Posts

Android 16

Android 16 Will Clean Up Your Notifications with Smart AI Grouping

July 12, 2025
Android Canary release channel

Early Access Android Builds Arrive with Google’s Canary Channel

July 12, 2025
AI

OpenAI and Perplexity Launch Browsers to Rival Google Chrome

July 10, 2025
google gmail

Google Rolls Out AI Cleanup Tool on Web for Messy Gmail Inboxes

June 30, 2025
Subscription Nuisance: Gmail's New Tool Arrives in Kenya

Gmail Now Lets You See and Cancel All Your Email Subscriptions

June 29, 2025
Google Ask Photos

Google Relaunches Ask Photos with Faster, Smarter AI Search

June 27, 2025

Latest

Facebook

New Facebook Rules Penalize Reposts and Low-Effort Content

July 15, 2025
Bonga Points

Safaricom Suffers Court Setback Over Bonga Points Expiry Ban

July 15, 2025
tecno spark 40 pro plus

Pre-Orders Open for TECNO Spark 40 Pro on Jumia with Discount

July 15, 2025
Infinix Hot 60 Pro+

Infinix Readying Hot 60 Pro+ Launch in Kenya

July 15, 2025
airtel

Airtel Grows Faster Than Safaricom As It Hits 24 Million Users

July 15, 2025
Grok

Meet Ani: The New Grok Anime Companion Rated NSFW

July 15, 2025

Best devices

budget smartwatches 2025

Best Budget Smartwatches To Buy in Kenya 2025

February 13, 2025

Best Infinix Smartphones To Buy in Kenya 2024

February 13, 2025

Best Laptops for Battery Life in 2024

August 21, 2024

Best “Battery Warrior” Smartphones To Buy in 2024

August 22, 2024

New Facebook Rules Penalize Reposts and Low-Effort Content

July 15, 2025

Safaricom Suffers Court Setback Over Bonga Points Expiry Ban

July 15, 2025

Techweez is a fast growing influential source of technology news, reviews and analysis by leading tech geeks in the industry.

Follow Us

Editorials

Abductions and Arrests! Kenyan Government’s Fear and Hate of X Users Makes No Sense

Actors and Film Crews Are Worried About Veo 3 Taking Their Jobs

Samsung QLED TVs Now Officially Certified for Real Quantum Dot Technology

Trump’s Tariffs Will Be the End of Affordable Tech

5 Ways to Prep Your Tech for Resale

The Weaponization of PDFs: How Cybercriminals Are Exploiting a Trusted Format

More News

Kenya Launches First National Digital Token on Solana

Three Companies Enter Bid Race To Acquire Lipa Later

How to Apply for KUCCPS Inter-Institutional Transfer in 2025

Meta Has Acquired a Startup That Makes AI Voices Sound Human

The Next MacBook Could Be Powered by iPhone’s A18 Chip

Kenyan Insurance Companies Ordered to Report Cyber Attacks Within 24 Hours

  • Terms Of Use
  • Techweez Brand
  • Privacy & Policy
  • Contact Us

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!

Hey there! Just a heads-up: we're big fans of cookies - both the digital and edible kind! 🍪 We use our cookies and some from third parties to ensure your browsing experience on our site is smooth sailing and secure.

 

But wait, there's more! We also use cookies to gather stats and insights on how you navigate our site. It's like getting a behind-the-scenes peek at your digital adventures!

 

Don't worry, you're in control. You can adjust your cookie settings anytime to suit your preferences. Feeling curious? Dive into our Privacy Policy for all the juicy details. Happy browsing! 🚀

Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
Techweez | Tech News, Reviews, Deals, Tips and How To
Crunchy Cookies 🍪 Ahead!
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
Listen, this legal stuff is about as exciting as watching paint dry. But it basically says we only use your stuff for what you asked us to do, and nobody else gets to peek!
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
It's those sneaky cookie crumbs websites leave behind to count visitors, like counting ants at a picnic! Totally harmless, just for fun facts. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
Hey there! Just letting you know we use some fancy gizmos to remember your preferences. This way, we can show you ads that are, well, not completely bananas.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
Make cookies
{title} {title} {title}
No Result
View All Result
  • News
  • Reviews
  • Features
  • Editorial
  • Automotive
  • Entertainment

© 2024 Techweez - Palahala Media Group may earn a commission when you buy through links on our sites.
A Palahala Media Group Brand. All rights reserved.
.