The attack, a new version of trojan horse SpyEye software that targets computers using Windows, has been detected in the United States and the United Kingdom.
According to Trusteer, a security company which detected the attack, the software, which steals your bank passwords to give access to your account, waits for you to enter the same banking details before "adjusting" what you see.
The idea is to gives criminals more time to usedebit card details on fraudulent transactions without the person realizing it's happening.
The malware is designed in a way that when one visits his or her online bank, there will be no trace of the transactions that cyber-criminals are using to empty the bank account. Worse, the balance will also be adjusted on screen so it looks as if nothing is happening. The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance.
As a result, the deceived customer has no idea that their account has been 'taken over', nor that any fraudulent transactions have taken place. SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers," says the Naked Security blog at web security experts Sophos.
The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts. With hi-tech cyber attacks such as SpyEye, there are few visible signs that anything is wrong. There are defences, though - ensure your browser is up to date, manually updating it if necessary," experts said.
Thus, it is important that users should ensure that the "anti-phishing option is switched on" in their web browser that which will check for "blacklisted" websites and prevent the browser from being directed to the "fake" version that delivers your bank statement.