The SpyEye malware has been connected to a recently discovered attack on customers of two German travel services.
Security firm Trusteer said that it had uncovered versions of the malware attempting to pull data from infected machines on the sites of Air Berlin and AirPlus.
Classified as an HTML injection tool, SpyEye is able to intercept web pages on an infected system and add code into the HTML file before it is displayed to the site visitor.
Trusteer chief technology officer Amit Klein told V3.co.uk that AirPlus log-in pages were being altered to add input boxes requiring information such as credit card number. The information is then collected by the malware and sent to an upload server.
However, Klein said that the more interesting attack was on Air Berlin where the malware was being directed to harvest account information, but the aim of the attack appears to be harvesting frequent flyer miles.
The malware operators are presumably looking to make money from the collected miles, but Klein said that Trusteer is not quite certain how the transactions would take place.
"The attack on Air Berlin is more interesting because it is not directly cash. They still need to convert the miles into cash. It needs more links in the chain," he said.
The attacks are also the first commercial site hacks from a malware family which has until now been focused on the financial sector.
Klein said that the expansion from banks and financial institutions to commercial sites is to be expected from a malware franchise as large and successful as SpyEye.
"Targeting banks directly is one profitable way of exploiting this combination, but it is not mutually exclusive to have other sites targeted," he explained.
"If you can attack multinational sites and turn that into money as well, it is two for the price of one."
Climate change likely forced inhabitants of Indus Valley civilisation to resettle in the Himalayan foothills
Shift in weather patterns made agriculture almost impossible in the Indus Valley region
Researchers claim that the magnetic properties of a thin-film material can be controlled by applying a small voltage
Dubbed Antlia 2, the ghost galaxy sits just 130,000 light-years away from the Milky Way
Delays to the roll-out of age verification for adult websites hasn't stopped government from considering extending them to more websites