Open Analysis Lab Reveals How Hackers Stole Google Account Passwords

Researchers from the Open Analysis Lab revealed in a recent report how hackers have been stealing Google account passwords from Chrome browser users.

“We have recently observed a new technique used by stealers to force victims into entering credentials into a browser, allowing them to be stolen from the browser’s credential store using traditional stealer malware,” states the document.

The organization, which specializes in malware, explains that this malicious campaign was first seen just a few weeks ago, on August 22 this year.

The malware used with this new strategy is StealC, it makes the user’s browser go into kiosk mode in full screen on a Google login page, blocking users from navigating away from the page or closing the window—blocking ESC and F11—and giving them no choice but to enter their login information.

“This tactic annoys the victim into entering their credentials in an attempt to close the window,” explained the researchers. “Once the credentials are entered, they are stored in the browser’s credential store on disk and can be stolen using stealer malware, which is deployed along with the credential flusher.”

Open Analysis Lab clarifies that hackers use multiple elements to get the credentials. The first step is to infect the victim with Amadey and then this tool is used to deploy StealC and the credential flusher.

According to Forbes, Amadey hacking tool has been used for over 6 years, but the new technique is one the “simplest yet most effective methods of gaining access to Google account credentials.”

Users are encouraged to learn more about the new techniques to avoid being affected and to activate two-factor authentications.