Cyber-crooks have tapped the infamous Zeus Trojan to steal around £675,000 from customers of a major, unnamed, UK bank, according to M86 Security Labs.
The firm says that since 5 July the criminal gang has used the Zeus v3 Trojan and exploit toolkits to compromise around 3000 online accounts at the bank from a command and control server in Eastern Europe. The attack is "still progressing".
Victims are infected by the Trojan - which manages to avoid detection by traditional anti-virus software - while browsing the Internet where it has infected legitimate sites and sits on fraudulent advertisement pages.
When a victim logs into their online banking account the Trojan steals their ID and hijacks the sessions. It then checks the account balance and, if it is over £800, a money transfer transaction is issued to mules.
M86 says it has informed relevant authorities about its findings.