No. of Recommendations: 21
OK - this is clearly the wrong board for this topic, but I couldn't find an appropriate one and, hey, if it saves people here aggrivation - or warsee - then it may as well be you guys/gals.
From Bruce Schneier's latest Cryptogram newsletter:
A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.
Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.
Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.
I’m sure this works often enough to be a useful ploy.
** *** ***** ******* *********** *************
What to do if it happens to you?:
https://www.bleepingcomputer.com/news/security/mal...Just thought it was worth flagging.
Jeff
