The login credentials for hundreds of thousands of online bank accounts and debit and credit cards have been stolen by "one of the most pervasive and advanced pieces of crimeware ever created," according to the RSA FraudAction Research Lab.
RSA says the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts and a similar number of credit and debit cards around the world since the security firm began tracking it in February 2006.
The compromised data belongs to customers of hundreds of banks in North America, the UK, France, Spain, Germany, the Netherlands, Italy, Australia, China and Malaysia, among others.
Sinowal, also known as Torpig and Mebroot, infects victims' computers without a trace, says RSA. It uses an HTML injection feature that effectively inserts new Web pages or information fields that look legitimate into the victim's Internet browser.
The trojan is triggered by more than 2,700 specific URLs when victims visit bank Web sites. It then prompts the user to enter personal information such as social security numbers.
Sinowal is still active and the security firm says it is extremely unusual for just one online gang to maintain a trojan for over three years.
The creators have managed to keep it running for so long by periodically releasing new variants and registering thousands of Internet domains for its communication resources.
RSA says Sinowal has had strong ties to the notorious Russian Business Network, but says its current hosting facilities may have changed and are no longer connected to RBN.
The security company says it has now contacted several law enforcement agencies with its findings.