Complex proxy?? You mean a headless browser like phantomjs and a slightly higher latency apparent to the client. Hardly difficult, which leads to the false sense of security these images provide. It's made slightly harder on the order of minutes to write a few extra lines of code.
The code for the proxy itself isn't that complex, no. But it would have to be tailored to the target's banking site. Again, not extremely complex, but more difficult. And actually implementing the attack, including getting a homographic URL or rouge router, is quite a bit more difficult.
Again, the point is that the security image makes the attackers' lives more difficult. The image lends no "false sense of security" because without the image, you'd have the same sense of security.