British online banking customers have fallen victim to a sophisticated attack by cyber criminals who have stolen hundreds of pounds from their accounts, an internet security company has warned.
The attack, which has been traced to a command and control centre in eastern Europe, has targeted one of the biggest financial institution's UK customer accounts, M86 Security said.
The cyber criminals stole an estimated £675,000 between July 5 and August 4 and the attack is still progressing.
About 3,000 customer accounts are believed to have been affected, although exact figures are still being verified.
The attacks were carried out when unprotected customers were infected with a Trojan — which managed to avoid detection by traditional anti-virus software — while browsing the internet.
The Trojan steals the customer's online banking ID and hijacks their online banking sessions.
It then checks the account balance and if it is more than £800, it transfers money to a different account. The bank targeted has not yet been named.
A report on the threat published by the security firm said: “Because cyber crime is a lucrative business, illegal operations such as (this) one are on the rise.
“These criminals continuously seek new, sophisticated ways to steal information and money without detection. And it's increasingly difficult for security companies to stay ahead of the proliferation of new malware.”
Last year £59.7m was lost to online banking fraud, according to Financial Fraud Action UK. Another £440m was lost to credit card fraud.