Polish security researcher Piotr Duszyński has released a tool that can bypass login protections for accounts protected by two-factor authentication. Modlishka is a reverse-proxy tool that sits between a user and whatever website that user is logging into. It allows the legitimate website content to display for the user and then intercepts all of the traffic flowing back and forth. In real time, an attacker can observe not only the victim's credentials but also whatever 2FA code he or she inputs. Acting quickly, the malefactor can then log into the account themselves.
Source: https://threatpost.com/2fa-broken-authentication/140776/