New Malware Locks Chrome Users in Kiosk Mode to Steal Google Passwords

Hackers exploit Chrome's kiosk mode to force users into entering their Google credentials, compromising security across multiple accounts.

The attack uses the AutoIt Credential Flusher malware to lock users in kiosk mode on the Google sign-in page.
Kiosk mode disables navigation and exit keys like Esc and F11, making it difficult for users to leave the page.
Once users enter their credentials, the StealC malware captures and sends this information to attackers.
This method can affect other Chromium-based browsers like Microsoft Edge and Brave.
Users can escape kiosk mode using alternative hotkeys like Alt + F4, Ctrl + Alt + Delete, or by performing a hard reset.