In 2005 I presented in CNASI conference a PoC trojan that uses the authentication from a valid web session from the user to inject it's own transactions.