Most banks require a two-factor authentication procedure to be carried out before they allow their customers to make online transactions. The first step is entering the username and password, while the second step requires them to enter the mTAN or the mobile transaction number. This code is sent to the registered mobile number of the person via an SMS.
Fraudsters use malware to acquire the username and password of a certain user, but it is not possible to log into the bank account unless they have the mTAN. Thus, they came up with some malicious software that leak the login details and then intercept messages for the code. McAfee found 4 such malware currently being used for this purpose. And once they manage to get all the credentials, all they have to do is sign in and transfer funds very conveniently.
In order to save yourself from such a fraud, you need to make sure not to use unreliable sources to access bank accounts. It is advisable to utilize only official bank applications for online mobile banking transactions.