Cybersecurity experts at OALabs have uncovered a new attack vector for stealing credentials. The unique method involves launching the user’s browser in kiosk mode to a login page (usually Google). Kiosk mode is useful for isolating a system to run specific apps. An ATM is a familiar example.