The Man-in-the-Browser attack is the same approach as Man-in-the-middle attack, but in this case a Trojan Horse (sometimes referred to as Crimeware) is used to intercept and manipulate calls between the main application's executable (i.e. the browser) and its security mechanisms or libraries on the fly. The Man-in-the-Browser enables Financial Fraud and Cybercrime by allowing the attacker to manipulate transactions of Internet Banking systems, even when other authentication factors are in use. Having said that, it's hard to impossible for the victim to notice such attack while he is accessing a web application like an internet banking account, even in presence of SSL channels, because all expected controls and security mechanisms are displayed and work normally and there is no change in the user’s experience.
A product of Security Art - link