In Kaspersky's 2020 Incident Response Analyst Report they listed legitimate tool "Mouse Lock" as being used for both credential access and collection in security incidents.

Detects potential use of UIPromptForCredentials functions by looking for some of the DLLs needed for it.

Detects attempts to use system dialog prompts to capture user credentials