Another good one from Lance James.
A phisher may also use a Trojan or other Malware to watch for instances of a web browser and use the information contained in the title bar to search for various keywords referencing previously submitted data. By hooking directly into the IE Browser Helper Object, bypassing TLS/SSL encryption, malware such as berbew, mitgleider, haxdoor, and snapper will grab this post data and send it to a data collection server. The Secure Submission Transfer (SST) module of the DFP product seamlessly protects a banks login HTTP forms data from being potentially hijacked by malware without requiring a client-side software plugin.
Link here.
Alex