
Beware of the Latest Malware Locking Your Browser in Kiosk Mode

What Law Firms Need to Know

Arthur Gaplanyan

Frozen Kiosk Malware

Did you even know your browser has a kiosk mode? Probably not, because it’s not really useful for the vast majority of people. Well, a new malware campaign is locking people into kiosk mode, essentially annoying them until they enter their credentials.

Imagine your entire screen locking, with no “X” to close it and no way to minimize it to get back to your other work. Instead, you’re staring at a Google login page that refuses to go away until you type in your credentials.

Absolutely frustrating, and that’s why it’s so dangerous. The only obvious way out is to enter your credentials, which of course get stolen, leading to a security breach.

This malware doesn’t have an official name yet, but it’s a variant of the prominent trojan called Amadey. Let’s dive into what this malware does, why it’s a big deal, and—most importantly—how to protect your firm.

What’s the Amadey Malware All About?

First, a little background. The Amadey malware has been around for a while, but this new version takes it up a notch. Originally a program designed to steal passwords, it’s now been updated to exploit “kiosk mode” in your browser.

If you’re not familiar, kiosk mode is typically used for things like public information screens or retail checkouts, where you want to lock the display so that it only shows one screen without access to anything else.

This malware abuses that functionality, forcing your browser into a full-screen “trap” that prevents you from closing or minimizing the window. Hitting Esc or F11 doesn’t do anything, because the malware disables them. There’s no clear way out other than to enter your credentials.

Once you do, an infostealer called StealC grabs your username and password so the attackers can breach you further.

Why It’s a Big Deal for Law Firms

For law firms, the risks associated with this malware go far beyond simple frustration. Here’s why you should be concerned:

  • Sensitive Data at Risk: If attackers get hold of your Google credentials, they could gain access to confidential emails, case files, or even sensitive client information.
  • Network Vulnerability: Once malware like this has a foothold, it can sometimes dig deeper, looking for more information across your network.
  • Potential Compliance Issues: Legal practices handle data governed by strict regulations. A breach could expose your firm to compliance risks, possible fines, and legal liabilities.
  • Damage to Your Reputation: A data breach can impact how clients and potential clients view your firm. Confidentiality is key in law, and any slip-up can lead to lost trust.

In short, falling victim to Amadey malware could expose your firm to a wide range of risks, from lost time and frustration to significant financial and reputational harm.

How to Escape Kiosk Mode if You’re Hit by the Attack

Alright, so what if you or someone in your firm falls victim to this malware and ends up locked in kiosk mode? We already know Esc and F11 don’t work, so here are a few methods to get you out:

Window Cycle Out

On Windows, try cycling to other windows using the hotkey combo Alt+Tab. That’s the Windows shortcut that lets you cycle through open windows and programs, and it might let you switch out.

Use Task Manager

Another shortcut to try is Ctrl+Shift+Esc to bring up the Task Manager. Once in Task Manager, look for your browser’s name in the list (e.g., Chrome, Firefox), click on it, and select “End Task.” This should force-close the browser.

Command Prompt for Techies

For those comfortable with commands, open Command Prompt as an administrator. Type taskkill /IM chrome.exe /F (or replace “chrome.exe” with your browser’s name) to forcefully close the browser.
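
For IT staff, an added PowerShell example (not from the original article or any vendor tool) that goes a step beyond taskkill: it finds only browsers that were started in kiosk mode, records which program launched them, and then closes them. It assumes the locked browser was started with the --kiosk command-line switch (Firefox also accepts -kiosk), which the article does not state; the browser list is illustrative.

```powershell
# Added example: locate browsers launched in kiosk mode, report their launcher, close them.
# Assumption: the kiosk switch is visible in the browser's command line.
$browsers = 'chrome.exe', 'msedge.exe', 'firefox.exe', 'brave.exe'

function Get-KioskBrowser {
    # Match "--kiosk" / "-kiosk" as a whole switch only, so unrelated switches
    # such as "--kiosk-printing" are not flagged.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object {
            $browsers -contains $_.Name -and
            $_.CommandLine -match '(^|\s)--?kiosk(\s|=|$)'
        } |
        ForEach-Object {
            # The parent is whatever started the browser; it may already have exited.
            $parent = Get-CimInstance -ClassName Win32_Process `
                -Filter "ProcessId = $($_.ParentProcessId)" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ProcessId   = $_.ProcessId
                Name        = $_.Name
                CommandLine = $_.CommandLine
                ParentId    = $_.ParentProcessId
                ParentName  = $parent.Name
                ParentPath  = $parent.ExecutablePath
            }
        }
}

$hits = @(Get-KioskBrowser)
if ($hits.Count -eq 0) {
    Write-Output 'No browser running in kiosk mode was found.'
} else {
    # Record the evidence first: closing the browser does not remove what launched it.
    $hits | Format-List
    foreach ($h in $hits) {
        # /T also ends the browser's child processes, /F forces termination.
        taskkill /PID $h.ProcessId /T /F
    }
}
```

Run it from an elevated PowerShell window so the command lines of all processes are readable. The parent name and path it prints show what started the kiosk window, which is what the follow-up malware scan needs to deal with.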

Reboot in Safe Mode

If Task Manager doesn’t work, try a hard reset by holding down the power button on your PC. While rebooting, press F8 to restart in Safe Mode. Safe Mode prevents some types of malware from activating, allowing you to regain control. From there, antivirus and malware scans can get rid of any malware files.

These steps can help you break free, but remember—they’re a temporary fix. It’s crucial to focus on prevention to avoid a repeat incident.

Why Prevention is Better Than Cure (And How to Prevent an Attack)

No one wants to deal with a malware attack in the middle of a busy workday. By taking proactive steps, you can protect your firm from falling victim to Amadey and similar threats. Here’s how:

Train Your Team on Phishing Awareness

Phishing emails are still the most common way malware enters a system. Train your staff to recognize signs of phishing, such as odd email addresses, urgent language, or strange attachments.

Secure Your Accounts with Multi-Factor Authentication (MFA)

MFA requires users to verify their identity through a second method (like a text message or app) in addition to a password. This simple step can make it much harder for attackers to gain access, even if they do get a password. A password manager helps manage not just your passwords, but also MFA.

Use Quality Security Software

Invest in reliable antivirus and anti-malware software that not only detects but actively monitors and blocks suspicious activity. Look for security solutions that offer real-time monitoring. Our XenSecure solution is more than antivirus: it’s 24/7 live monitoring that can stop malware and breaches immediately, before they take hold.

Limit Access Privileges

Restricting who has administrative access on devices helps minimize damage in case malware does get in. By limiting access, you’re adding another barrier for the malware to bypass.

Keep Everything Updated

Software updates often include patches for security vulnerabilities. Ensuring that your operating system, web browsers, and other software are up to date can prevent malware from exploiting known weaknesses. Want to alleviate this task? Our XenManaged service will keep all your systems up to date so you never have to worry about it.

Regular Data Backups

Back up your data regularly and store it securely. In the event of a malware attack, having a recent backup can help you restore lost files and minimize downtime. XenProtect does just this for all your devices, verified and malware free.

The Verdict: Staying One Step Ahead of the Threat

In today’s world, malware like Amadey is always evolving, and law firms are prime targets. By staying informed, implementing security best practices, and training your team to recognize red flags, you’re putting a solid defense in place. Remember, a little prevention goes a long way—and it can save you from much bigger headaches down the road.

Take these steps to safeguard your firm, keep client data secure, and focus on what you do best: providing top-notch legal services without interruption. Cybersecurity might not be your main job, but in today’s environment, it’s an essential part of protecting your firm’s reputation and your clients’ trust. If you’d like help with any of these solutions, get in touch.