Trojan was constantly monitoring the screen, starting to capture screenshots whenever the page currently accessed in IE containes keywords such as bank or account Additionally, the Trojan included the usual keylogger component and a module which intercepted all emails sent from the system. We were glad to notice the technique was almost useless against e-banking systems which rely on one-time-pad authentication or hardware tokens. If you have to rely on e-Banking, choose your bank wisely.”]
Source: https://securelist.com/the-persistence-of-memory-chapter-one-keyloggers/29979/