Part two of our Kronos malware analysis, we look at the malicious actions Kronos can perform. The current configuration targets several banks, but also steals credentials for popular services like Google, Twitter, and Facebook. The attack is based purely on social engineering trying to convince a user to input all personal data that are necessary for banking operations. The injected scripts are responsible for opening additional pop-up that is trying to phish the user and steal his/her personal data. In the analyzed case, downloaded payload was just an update of the Kronos bot.”]
Source: https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware-p2/