Board: Bitcoin Discussion
Topic: Re: Bitcoin Wallet Security
Post by Prasmatic on 17/07/2015, 09:38:52 UTC
One of the biggest problems with bitcoin is security.

I would like to see developed a new Bitcoin Desktop wallet that gave the option to its users of enabling 2FA security.
The company who develops this will be surely a winner...
Am I wrong or is there someone already working on it?

Yes, you can do that. If we just simply added 2FA to the wallet software, that would be no good; it would be very simple to bypass. You need to use multisig: a service like GreenAddress holds one of the private keys for your multisig wallet and co-signs each transaction after you auth with them using 2FA. Electrum already has plugins for various services that do this.

The security of 2FA is often over-hyped, and many people are using it as a sort of catch-all security measure, which is insanely stupid. Instead of using strong passwords and good security practices, many people just turn on 2FA and assume they are now impossible to hack. Even if you do use 2FA, you cannot prevent the malware from modifying your transaction. You might think you are sending to some bitcoin address, but a sneaky piece of malware could very easily change that address to the hacker's one without your knowledge. Existing 2FA systems cannot protect against that kind of thing. TOTP 2FA, which is what Google Authenticator and almost everything else uses, was designed to try and figure out if the account owner is the person behind the keyboard. It wasn't really designed to prevent you from any kind of hacking or malware; if your computer is hacked or infected then it is useless, and it does nothing to stop the hacker at all in that situation.

I was using Google Authenticator, but since there is no way to back up the stuff, I moved to Authy; I can sync with many devices.
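
The point the post makes about TOTP, as an added example that is not part of the original post and is not any wallet's or service's code: an RFC 6238 code is derived from the shared secret and the clock only, so a check on it gives the same answer whatever the transaction contains. The `cosigner_accepts` function, the sample transactions and the placeholder addresses are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared secret and time only."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def cosigner_accepts(secret: bytes, now: int, submitted_code: str, tx: dict) -> bool:
    """Hypothetical co-signing check. `tx` is received but cannot influence the
    result, because nothing in a TOTP code refers to the transaction."""
    return hmac.compare_digest(totp(secret, now), submitted_code)


# Constructed sample data (placeholder addresses, not real ones).
SECRET = b"12345678901234567890"  # test secret published in RFC 6238
NOW = 59                          # test time published in RFC 6238
intended = {"to": "ADDRESS_THE_USER_TYPED", "amount_btc": 0.5}
altered = {"to": "ADDRESS_SWAPPED_ON_INFECTED_PC", "amount_btc": 0.5}


def demo() -> dict:
    code = totp(SECRET, NOW)  # what the user reads off the phone
    return {
        "code": code,
        "intended_ok": cosigner_accepts(SECRET, NOW, code, intended),
        "altered_ok": cosigner_accepts(SECRET, NOW, code, altered),
        # The only thing that invalidates the code is the clock moving on.
        "next_window_ok": cosigner_accepts(SECRET, NOW + 30, code, altered),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both transactions pass with the same code, which is why the destination address has to be checked somewhere other than the possibly infected computer.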