Anti-virus technology vendor Sophos is warning UK consumers of a new Trojan horse, called the Banker-AJ Trojan (Troj/Banker-AJ), which records login details and passwords when customers visit legitimate online banking Web sites.
Sophos is warning that the Banker-AJ Trojan targets users of online banks such as Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest.
Banker-AJ lies dormant in the background on infected Windows PCs. Once a usr visits a legitimate banking sites it springs into action, capturing passwords and taking screenshots. This information is then relayed to remote hackers who can use it to break into accounts.
Graham Cluley, senior technology consultant at Sophos, says the Trojan waits until the user visits a real banking Website and then surreptitiously monitors the login process.
"It's like having a mugger looking over your shoulder as you type in your PIN number," he adds.
Sophos says it has monitored the use of this technique by Brazillian criminal gangs, but now there is growing evidence of the same trick being attempted in the UK.
In August, the National Hi-Tech Crime Unit and UK payments association Apacs alerted consumers to a similar Trojan e-mail attack targeting online banking customers.