Skip to main content
  1. Home
  2. Computing
  3. News

Don’t trust that Google sign-in — how hackers are swiping passwords in Chrome

By
Add as a preferred source on Google
Google Chrome browser running on Android Automotive in a car.
Google

Hackers are swiping passwords from Google accounts in Chrome, and it can happen from the official Google sign-in page. The vehicle being used is called the AutoIt Credential Flusher, and it was discovered by the researchers at OALabs. The attack locks you into your browser at the Google sign-in page and doesn’t allow you to leave, all while logging your email and password as you sign into your Google account.

The attack leverages “kiosk mode” in Chrome, which is a limited full-screen interface that doesn’t have elements like the address bar or navigation buttons. It’s used mainly for demonstration purposes — think a laptop on display at Best Buy. And this attack is using kiosk mode to annoy users enough that they give up their passwords. It also blocks some normal commands to exit full-screen mode, such as Esc and F11. 

Recommended Videos

What’s tricky about the attack is that it happens on the official Google sign-in page. It doesn’t redirect you to a fake sign-in page. Instead, the malware is abusing kiosk mode to lock you into signing into your Google account, and it leverages a piece of malware called StealC to swipe your credentials as you’re signing in. With this attack, it’s possible to pass along your Google account details without even suspecting that your PC is infected.

Worse, Google accounts are often tied to dozens of other accounts. Social sign-on features are available across hundreds of websites, allowing you to use your Google account to sign in — even Digital Trends has a Google sign-in feature. If an attacker steals your Google credentials, they could have access to your other accounts if you’ve engaged with these features.

If you find yourself locked on the Google sign-in screen, there are a few other hotkeys you can try. Alt + Tab will cycle through windows and allow you to close the Chrome window. Ctrl + Alt + Delete allows you to pull up Task Manager and end Chrome as a process. And Alt + F4 will immediately close any application. If all else fails, you can also hold down the power button on your PC. After you’ve exited, make sure to run a scan with antivirus software — read our Avast One Gold review if you’re looking for a simple antivirus option.

Although this attack is focused on Chrome, it can affect other browsers. The malware will try to lock any browser available on your PC in kiosk mode, including Microsoft Edge, which is built into Windows 11. The hotkeys above will work regardless of the browser, however.

Jacob Roach
Jacob Roach
Former Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Topics
Google just gave Workspace a 24/7 AI agent that sends emails and books meetings while you sleep
Google announcing five Workspace features at once is either confidence or chaos, but Gemini Spark acting on your behalf while you sleep is the one that actually changes what a productivity suite is supposed to do.
Google AI Inbox for Gmail users.

At the I/O 2026, Google announced several AI-powered updates for its Workspace apps. The main highlight of the announcement is Gemini Spark, a 24/7 personal AI agent that doesn’t just answer questions but takes actions on your behalf. 

It can send emails, add calendar events, and complete tasks across Workspace apps. And before you even ask, it asks before doing a high-stakes task, and you can choose whether you want to enable it or not. It's coming soon in preview for Workspace business customers in the Gemini app.

Read more
Gemini can now make videos, brief your morning, and do digital chores while you sleep
Gemini is now an AI intern that never logs off
Google Gemini App gets a major update

Google is giving the Gemini app a massive update, bringing a bunch of nifty changes. The chatbot phase is fading, and the company now wants Gemini to become something closer to a full-time digital assistant.

During Google I/O 2026, the company announced a redesigned Gemini app along with a new model, proactive daily summaries, video tools, and a 24/7 agent called Gemini Spark. Google claims that Gemini has now reached more than 900 million monthly users across 230 countries and more than 70 languages, up from 400 million last year.

Read more
Google Search is getting AI agents that will monitor the web for you
Set up an agent once, and Search will notify you when it finds what you're looking for.
Google Search information agents featured

Google used its I/O 2026 keynote to announce a major overhaul of Search, introducing AI agents, a redesigned search box, and agentic coding capabilities that can generate custom apps and dashboards on the fly.

A new search box

Read more