Hm... I'm pretty sure that if you can actually MITM their connection (i.e. you can intercept and modify the packages, e.g. by setting up a rogue Wi-Fi hotspot), you can also fake the DNS and/or IP addresses, so you shouldn't have a problem compromising visitors of https://bankofamerica.com.
You don't need to fake IPs or DNS requests - if you have MITMed their connection then all their traffic flows through your machine and you can present whatever content you desire on any domain.
The point being that you don't have to MITM their connection. The private key is in the wild, you can sign a cert and host it anywhere on the internet. Any visitors who have that root cert and see a cert signed by it will say "yep, fine, go ahead".
So then you spam the world with "Important message from Lenovo" and hope they click on https://len0v0.com and install your important update.