That's a regular MitM attack, just with, specifically, Angular. If you can convince someone to go to malicious-bank.com and log into it with their real credentials, you've successfully phished them. If you go a step further and show them the real information from the real website, thats going a step further, but by then it's game over already.
If the attacker's already convinced you to give them your username/password (and 2fa), why bother showing the victim a fake (Angular) website?
A password manager/passkey/yubikey protects against this by checking that the url is bank.com and not malicious-bank.com, but unsophisticated users fall for this attack every day.
A bit loss of context. Angular was mentioned in the context of how servers serve Angular apps: if instead of server index.html server would serve a different whole url.
And my worries are mainly due to the solution I proposed (as a patent(!)) and later on abandoned.
I am wondering whether to invest in this my time and furthermore additional money.
Again, I haven’t yet tested it. But I’d like to hear what community has to say with relevance to that about my direction with the solution I’d been working on.
If the attacker's already convinced you to give them your username/password (and 2fa), why bother showing the victim a fake (Angular) website?
A password manager/passkey/yubikey protects against this by checking that the url is bank.com and not malicious-bank.com, but unsophisticated users fall for this attack every day.