The banking industry often employs two-step security measures as an added layer of protection against password theft and fraud. The Man in the Browser attack works like this: Malicious code is first introduced onto the victim’s computer where it resides in the web browser. Once the user attempts to log in, the malware activates and runs between the victim and the actual website. Once that happens, the attacker has full access to the account and can hide records of money transfers, spoof balances and change payment details.”]
Source: https://gizmodo.com/new-man-in-the-browser-attack-bypasses-banks-two-fact-5882888