Infosec quotes - fake form overlays

“... Once the DLL is properly injected to svchost.exe it starts to monitor the user's activity to see if they try to access Brazilian banks. Once a user visits the online banking sites, it will overlay the screen with a fake form that enable the attackers to retrieve the user's PIN codes...”

https://www.trustwave.com/Resources/SpiderLabs-Blog/Sneaky--BAT-File-Leads-to-Spoofed-Banking-Page/