Threat actors may gather credential material by invoking or forcing a user to automatically provide authentication information through a mechanism in which they can intercept.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.