This is a do-nothing page to demonstrate that a potential theft of credentials is possible
If I were a real criminal type, I would make effort to make the styling of this injected page match the host page, and I would include a username and password field to scrape credentials.
In theory, it could even be possible to scrape cookies or inject cross-site tracking scripts, but I don't know enough about that.
Username: