Security analysts are warning of an improvement in the SilentBanker Trojan that makes it harder to detect and more effective at stealing data.
SilentBanker specifically targets financial web pages and tries to steal log-in details using a key-logger. Although it has been around since last year the new version has a rootkit that makes finding infected files very difficult.
"Whenever a user tries to view any files on the computer, the Trojan intercepts that request and removes any reference to the Trojan's files, making the files invisible," said Symantec researcher Liam O'Murchu.
"The last version of SilentBanker targeted over 400 banks, some of which use two-factor authentication.
"The current version, as well as hiding itself, has added extra protection to its configuration files in order to make it more difficult to discover which sites are being targeted."
When a user tries to search in the registry for files that indicate an infection, the rootkit in the Trojan intercepts the search request and automatically hides its files from view.
SilentBanker is causing major concern because it is especially good at defeating two-factor authentication. This involves the user having a separate log-in token that is synchronised with the bank's server to augment a password.
The Trojan subverts the two-factor transaction by intercepting communications before they are encrypted and forwarding them to the attacker, essentially making the security of two-factor authentication useless.
The software is being spread via spam and may prove very costly given the current wave of phishing attacks being propagated in the light of the recent world banking crisis.
Commons Science and Technology Committee calls for new post-Brexit skilled-workers immigration system
Committee calls for visa-free travel and permit-free work for skilled workers
Eleven 'normal' outer moons, and one described as 'oddball' found circling Jupiter
Scientific discovery has found a quadrillion tonnes of diamonds in the earth's mantle
Mobile payment app makes users' details public by default