More than 4,000 web users every day are being infected by the Pinch Trojan, even though its creators are now behind bars, says Prevx.
According to the security fim, a new version of the malware is penetrating existing antivirus software and then hides on a PC, stealing sensitive personal data such as bank account log-ins and passwords.
Prevx says that currently the Trojan is affecting web users in the US and South America with under 25 percent of those infected based in the UK.
Jacques Erasmus, director of malware research at Prevx, said: "This is an interesting insight into the modern world of the malware developer. By simply buying the software kit off the internet and adding a few custom tweaks the owner of this particular variation is managing to get round major antivirus software and stealing people's credit card details, passwords and other personal information."
"The signature-based approach is not enough - what is needed is a complementary antivirus approach which can detect malware using a different technique. Only by taking this approach can people catch these latest types of malware."
Prevx has reported the location distributing the malware to the relevant ISP, which has subsequently been shut down.
This story, "Pinch Trojan Infecting 4,000 Web Users Daily" was originally published by PC Advisor (UK).