It can run with user level permissions, so any software or script can be used to extract keys. It does not need to be dedicated malware.
It’s probably something that can be done via browser extentions or possibly even Javascript, if they leverage a browser vulnerability to gain system user level access.
Why not just generate the key in a separate user space? Also this requires malware to be installed and running in tandem no?
It can run with user level permissions, so any software or script can be used to extract keys. It does not need to be dedicated malware.
It’s probably something that can be done via browser extentions or possibly even Javascript, if they leverage a browser vulnerability to gain system user level access.