sorry if this is a dumb question, but how exactly does this compromise 2FA?
all of the compromised data is browser-based (something you know, not something you have), with the exception of "stolen text messages". but old text messages shouldn't overcome SMS 2-factor authentication because those one-time codes are only good for a very limited time. and if you use TOTP-based 2FA, you should be completely safe.
can somebody walk me through this?
If found
another article , and it says that stolen cookies can be used to fake the identity of victim's machine, and thus login without a 2FA check on some sites. However, there are still a lot of unexplained details, like how they avoid 2FA checks on withdrawals, how do they spoof IP address and so on.
It's an interesting topic and people who have very important online accounts, like traders, should definitely check it, so here's some links:
https://security.stackexchange.com/questions/178663/why-isnt-stealing-cookies-enough-to-authenticatehttps://stackoverflow.com/questions/2498599/can-some-hacker-steal-the-cookie-from-a-user-and-login-with-that-name-on-a-web-sMaybe on some sites you can remove 2FA if you have access to the email, and if this malware can give access to victims email, they can get all the control they need.