Security firm Aladdin Knowledge Systems says its security response team is currently uncovering a widening network of infected PCs loaded with the eBay Trojan.
Users have become infected as a result of an e-mail phishing assault and by visiting malicious websites.
The Trojan is being spread through distributed brute force attacks on eBay accounts in an effort to obtain personal information and items sold or purchased via the eBay site.
The phishing operation has enabled the botnet of infected computers to collect active eBay account details as a result of users being persuaded to enter their log-in details on fake eBay websites.
Aladdin says a high number of the victims are based in the UK, and the hackers are aiding their fraud attempts by separating eBay customers between US and non-US victims.
"Through new infection and attack methods, this targeted threat shows that Trojans are continuing to evolve into extremely dynamic, adaptive tools for online criminals," said Ofer Elzam, director of product management for the Aladdin eSafe business unit.