On how key loggers work

No malware literally logs keys typed anymore. I cannot stress that point enough. Instead they log form submissions (e.g. POST requests) which give the malware author much more useful information they can data mine in an automated way (e.g. URL, named parameters, etc). This works even on a “secure” page (e.g. HTTPS with extended certificate).

via As an aside: Everyone who read this article, please keep in mind that the proces… | Hacker News.