A diversification of targets for a clever keylogging attack suggests that several hacking groups may be using the “ScanBox” framework, which spies on users without installing malicious software.