Getting the user to give away security credentials through phishing or keylogging is much more effective, and a password's strength is totally irrelevant when it's stolen.
This allows users to enter log-in credentials and other sensitive data without actually typing them on their physical keyboards, thereby protecting the information from malware with keylogging abilities.
The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot-grabbing features, among others.