News 

The information was harvested over the last three years using the Sinowal Trojan, which is typically found on gambling or porn sites, according to RSA FraudAction Research Lab, the security firm that discovered the attack.

The worm triggers when a user visits one of 2,700 banking URLs, and initiates a HTML injection attack that creates legitimate looking fields on the website, prompting the user to enter a national insurance number,

ADVERTISEMENT

or other piece of personal information. This information is then uploaded to a server, before ultimately being sold on.

"This may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters," reports RSA on its blog. "Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006.

"In addition to its longevity, Sinowal has also been evolving at a dramatic pace - its rate of attacks spiked upwards from March through September of this year," the blog adds.

The lab claims the Sinowal Trojan was once associated with the infamous Russian Business Network, but may now be under the control of a new gang. However, it is still going strong and the lab claims it has stolen the login information for 100,000 online bank accounts in the last six months alone.