More than 4,000 web users every day are being infected by the Pinch Trojan, even though its creators are now behind bars, says Prevx.
According to the security fim, a new version of the malware is penetrating existing antivirus software and then hides on a PC, stealing sensitive personal data such as bank account log-ins and passwords.
Prevx says that currently the Trojan is affecting web users in the US and South America with under 25 percent of those infected based in the UK.
- Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products
- Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester
Jacques Erasmus, director of malware research at Prevx, said: "This is an interesting insight into the modern world of the malware developer. By simply buying the software kit off the internet and adding a few custom tweaks the owner of this particular variation is managing to get round major antivirus software and stealing people's credit card details, passwords and other personal information."
"The signature-based approach is not enough - what is needed is a complementary antivirus approach which can detect malware using a different technique. Only by taking this approach can people catch these latest types of malware."
Prevx has reported the location distributing the malware to the relevant ISP, which has subsequently been shut down.
See also: DIY Trojan kit available online