Web users are being urged to be careful when surfing the web following the identification of a new virus known as Clampi.
The Trojan, which is also known as Ligats or Ilomo, is currently spreading across thousands of PCs in the UK and the US and can be picked up from websites hosting malicious code.
It then hibernates on a PC, without the user's knowledge, stealing logins and passwords for online bank accounts, which it sends to the cybercriminals behind the Trojan.
Security firms say the cybercriminals behind Clampi are monitoring around 4,500 finance-related websites which include UK banks, online casinos and credit card companies.
Orla Cox, security operations manager with Symantec, told The Times: "Clampi is a complex threat. People are only just beginning to understand how it operates. The first big wave was in the US in July, but it is spreading around the world, particularly English-language countries. We have seen samples of it targeting UK high street banks. There is potential for another wave to come."