What is a Man-in-the-Middle (MITM) / Man-in-the-Browser (MITB) attack?
An attacker secretly inserts themselves between two parties to read or manipulate the traffic — MITB does it from inside the victim's browser.
In a Man-in-the-Middle attack, malicious code slips unnoticed between your computer and, say, your bank, taking control of the data flow — including the ability to manipulate transactions (not just eavesdrop). Man-in-the-Browser is a variant operating inside the browser itself, altering what you see and send.
A classic defence — out-of-band confirmation: the mTAN approach splits the transaction across two channels (internet + mobile network) and sends a confirmation (amount, partial recipient account number) to your phone. Since the attacker controls only the browser channel, you can catch a manipulated payment before it's sent.
Tip: MITM breaks both confidentiality (they read it) and integrity (they can change it). TLS with proper certificate validation is the front-line defence on the web.