http://www.zdnet.com/article/symantec-data-stealing-hackers-...
IIRC this tactic was used during the massive Target data breach in 2014.