Credential Flusher Research
Essential information
- Published
- 17/09/2024 13:56
- Modified
- 17/09/2024 14:59
- Tags
- 2024-09-17 autoit credential flusher kiosk stealc stealer
- Related entities
- 8 observables, 1 intrusion sets (apt), 11 techniques (mitre), 1 malware
Description
This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching the victim's browser in kiosk mode and navigating to a login page, preventing the user from closing or navigating away from the webpage. This tactic frustrates the victim into entering their credentials in an attempt to close the window, after which the credentials are stored in the browser's credential store and can be exfiltrated.