Endpoint Malware is not MitM, by definition

Much is being made about somebody with an authenticator getting their World of Warcraft account hacked: Man in the middle attacks circumventing authenticators.

From the original poster:

I was online, got a memory access violation critical error. Not being all too savvy with this, I didn’t pay extra attention to it.

This doesn’t sound like a man-in-the-middle attack to me. This sounds like a good old-fashioned compromised endpoint. A pwned box, if you will.

A MitM attack involves an active attacker who views and changes messages on the communications link between two endpoints. Any attack involving a compromise of the endpoint itself is, by definition, something else.

No login authentication scheme can help against this. The legitimate user was, after all, logging in. The fact that his authentication keystrokes were being forwarded to the bad guys is just a technicality. It was effectively just a bandwidth-saver for the bad guys, who could have viewed his screen remotely and injected their own keystrokes after he had logged in. Although one suspects that driving his character to the bank and mailing out all the valuable magic items might have prompted the user to turn off the PC!
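To make the distinction concrete, here is an added toy model (not code from the post, nor Blizzard's authenticator): a server that checks a password plus a time-based one-time code and refuses to accept the same code twice. A code captured on the wire and replayed later is rejected, which is what the authenticator buys you. A code forwarded live from a compromised endpoint arrives fresh and valid, and the server has no way to tell whose hands typed it; the only trace is that the accepted session came from a different origin than usual. The secret, user name, timestamps and origins are all constructed for the example.

```python
import hmac
import hashlib
import struct

TIME_STEP = 30  # seconds per code window, as in TOTP (RFC 6238)


def otp_for(secret: bytes, now: int, digits: int = 6) -> str:
    """HOTP-style code for the time window containing `now`
    (HMAC-SHA1 with dynamic truncation as in RFC 4226)."""
    counter = now // TIME_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class AuthServer:
    """Toy login server: password + one-time code, with a replay guard
    that accepts each time window's code only once per user."""

    def __init__(self):
        self.users = {}        # name -> (password, shared secret)
        self.last_window = {}  # name -> last window whose code was accepted
        self.sessions = []     # (name, origin) for every successful login

    def register(self, name, password, secret):
        self.users[name] = (password, secret)

    def login(self, name, password, otp, now, origin):
        pw, secret = self.users[name]
        if password != pw or not hmac.compare_digest(otp, otp_for(secret, now)):
            return False  # wrong password, or code outside the current window
        window = now // TIME_STEP
        if self.last_window.get(name) == window:
            return False  # this window's code was already used: replay rejected
        self.last_window[name] = window
        self.sessions.append((name, origin))
        return True


SECRET = b"constructed-demo-secret"  # constructed, not a real authenticator seed
T0 = 1_000_000                       # constructed timestamp


def scenario_replay_later():
    """Code sniffed in transit and replayed after the window has passed.
    The authenticator does its job here: returns (True, False)."""
    srv = AuthServer()
    srv.register("player", "hunter2", SECRET)
    code = otp_for(SECRET, T0)
    user_ok = srv.login("player", "hunter2", code, T0, origin="user-pc")
    replay_ok = srv.login("player", "hunter2", code, T0 + 5 * TIME_STEP, origin="elsewhere")
    return user_ok, replay_ok


def scenario_compromised_endpoint():
    """Keystrokes forwarded live from the user's own machine. Whoever reaches
    the server first with the fresh code wins; the server cannot tell them
    apart by the credential. Returns (True, False): the forwarded login is
    accepted and the legitimate user's own attempt now looks like a replay."""
    srv = AuthServer()
    srv.register("player", "hunter2", SECRET)
    code = otp_for(SECRET, T0)  # the code the user typed on the pwned box
    forwarded_ok = srv.login("player", "hunter2", code, T0 + 1, origin="elsewhere")
    user_ok = srv.login("player", "hunter2", code, T0 + 2, origin="user-pc")
    return forwarded_ok, user_ok


def accepted_origins(srv_sessions):
    """The only server-side signal left: which origins hold sessions.
    A login from an unfamiliar origin is a detection hook, not an
    authentication failure."""
    return [origin for _, origin in srv_sessions]


if __name__ == "__main__":
    print("replay later:", scenario_replay_later())
    print("compromised endpoint:", scenario_compromised_endpoint())
```

The replay guard is what makes the first scenario fail and is entirely beside the point in the second: the forwarded code is not a replay, it is the user's genuine, current login. Anything the server can still do (flag the unfamiliar origin, notice two sessions for one account) is detection after the fact, not authentication.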
