Attackers often go to great lengths to steal credentials, primarily with three types of malware:
Programs that wait for a user to log in so that they can steal the user's credentials
Programs that dump information stored in Windows, such as password hashes, to be used directly or cracked offline
Programs that log keystrokes
In this section, we will discuss each of these types of malware.
On Windows XP, malware can steal user credentials by intercepting Microsoft’s Graphical Identification and Authentication (GINA). The GINA system was intended to allow legitimate third parties to customize the logon process by adding support for things like authentication with hardware radio-frequency identification (RFID) ...