[2] In a nutshell example exchange between user and host, such as an Internet banking funds transfer, the customer will always be shown, via confirmation screens, the exact payment information as keyed into the browser.
The use of strong authentication tools simply creates an increased level of misplaced confidence on the part of both customer and bank that the transaction is secure.
Examples of MitB threats on different operating systems and web browsers: Known Trojans may be detected, blocked, and removed by antivirus software.
This overcomes the MitB trojan by verifying the transaction details, as received by the host (bank), to the user (customer) over a channel other than the browser; for example, an automated telephone call, SMS, or a dedicated mobile app with graphical cryptogram.
[30] OOB transaction verification is ideal for mass market use since it leverages devices already in the public domain (e.g. landline, mobile phone, etc.)
[34] TLS Negotiation failed: FAILED_PRECONDITION: starttls error (71): 126011017202752:error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT:third_party/openssl/boringssl/src/ssl/ssl_cert.cc:431: Keyloggers are the most primitive form of proxy trojans, followed by browser-session recorders that capture more data, and lastly MitBs are the most sophisticated type.