HomeCyber BalkansManipulative Hackers Coercing Users to Provide Login Information for Theft

Manipulative Hackers Coercing Users to Provide Login Information for Theft

Published on

spot_img

A new technique has been uncovered by security experts, revealing how cybercriminals are now manipulating victims into entering their credentials directly into a web browser. This method, which involves the use of StealC malware and is primarily associated with the Amadey group, was first detected in August 2024.

The modus operandi of this technique is to lure unsuspecting victims into interacting with malicious web content that is specifically crafted to capture their credentials. By bypassing standard browser security measures, this approach poses a significant threat as it allows cybercriminals to gain direct access to sensitive information stored within the browser’s credential database.

Samples of this malware have been analyzed using tools like UnpacMe, which helps security researchers unpack and dissect malware to better understand their behavior and potential targets. By studying these samples, researchers can identify common patterns, trends, and emerging threats within the ever-evolving malware landscape.

The attack itself involves manipulating the victim’s browser into kiosk mode, redirecting them to a phony login page, and then trapping them in a loop that prevents them from closing or navigating away. This frustration can ultimately lead the victim to unknowingly input their credentials, which are then stored locally on their device.

Stealer malware, often working in tandem with a credential flusher, can then retrieve these stored credentials for malicious purposes. The entire process begins with the Amadey malware infecting the victim’s device, followed by the deployment of StealC and the Credential Flusher from a remote server. The Credential Flusher coerces the victim into entering their credentials by forcing the browser into kiosk mode, while StealC steals these credentials for illicit use.

To execute this attack, an AutoIt script is used as a credential flusher. This script scans for available browsers on the compromised system, launches the preferred browser in kiosk mode, and directs it to a pre-programmed website designed to pilfer credentials. In one example, victims are led to a fake Google login page disguised as account settings, tricking them into divulging their credentials for theft.

According to OALABS Research, the script in question appears to be a credential stealer, as it targets popular browsers like Chrome, Firefox, and Edge, launching a new browser window in kiosk mode to facilitate the theft of login information. The script meticulously monitors the browser window, disabling key shortcuts to prevent users from exiting the page and ensuring the successful theft of credentials.

In conclusion, this new technique employed by cybercriminals underscores the importance of staying vigilant and adopting robust security measures to safeguard against such malicious attacks. As threat actors continue to evolve their tactics, it is imperative for individuals and organizations to stay informed and proactive in defending against cybersecurity threats.

Source link

Latest articles

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

Women’s Care and Pulmonary Sleep Breaches

In a concerning trend for healthcare security, two healthcare providers have publicly revealed data...

More like this

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...