Tens of thousands of Facebook accounts compromised in days by malware
The malware was designed to copy the credentials in a way that wouldn’t be detected by antivirus programs. The copying process, for instance, remained active for less than one minute. The malware didn’t steal general credentials, and it copied cookies and saved passwords by querying copies of the original cookies and LoginData files rather than through other means.
Source: arstechnica.com