Since everyone seems so knowledgable here lol hey guys i have a question, see let me explain the situation. In south america a lot of banks now require a token (7-15 Alphanumeric password that changes every 1-2 minutes) to actually transfer money. I used to do banking with spamming and then with traffic but i would get too many bank logs at the same time for me to handle it. i was wondering if a botnet like zeus, citadel, spyeye etc would be a better use for me and if so which one? I have used zeus for US banking long time ago when it was prvate and it was above 5k to buy and it went pretty good with chase and BOA. but that is my only experience with botnet because i started to buy google and bing traffic for scam pages but my guy disappeared.
That type of security is beaten easily by Man in the Middle (MiTM) or Man-in-the-browser-attacks. Upon execution of the malware this sends the victim's smartphone an HTML/JavaScript Webpage that poses as a token generator from the victim's bank.
When the victim enters his or her password in order to get the token, the malware sends the password, together with the IMEI and IMSI numbers of the victim's smartphone, to a specific cellphone number, as well as one of its C&C servers.
Later Versions of Spyeye had this, can't remember if Citadel had its own 2FA decryption mechanism in place, but it could be very easily requested in CRM Store if it wasn't. But that doesn't matter as it's discontinued product.
Your best bet would be to get in touch with Carberp Author, or private russian banking trojans. Otherwise, if you want a heavily customized tool you can always consult a malware author to code one of your likings.