The malware does not just capture bank details and login credentials, but also helps attackers build up a picture of user behaviour and interactions with banking sites.
By building up a profile, cyber criminals mimic user behaviour to bypass security systems designed to detect unusual activity.
The snapshots show attackers how to move money around banking networks and provide information such as how long it takes to enter data that goes into the banks' automated transfer systems.
According to the report, cyber criminals also use information about victims’ behaviour to hide their own digital footprints when they steal the money from the victims’ bank accounts.
Cheap storage and higher bandwidth net links help cyber thieves to extract image streams, according to Brett Stone-Gross, a senior researcher at Dell and co-author of the report.
Read more about banking Trojans
- RSA warns about 'KINS' banking Trojan
- Researchers discover new Android Trojan
- Improved Shylock Trojan targets banking users
- Cutwail botnet spam campaign tied to Zeus banking Trojan
- Zeus variant by-passing security, say researchers
- Cybergang plans to use Trojan against US banks
- Shylock, a new Internet banking Trojan, targets UK banks
- Ice IX Trojan redirects bank phone calls to cyber criminals
- Zeus online banking Trojan threat grows
- New banking Trojan targets UK banks
- UK second on SpyEye banking Trojan hit list, study shows
- Smart Trojans used to ransack bank accounts
Stone-Gross said this method had been used by cyber criminals to steal millions of dollars from bank accounts in mostly unreported thefts, reports the BBC.
Some of the botnets linked to malware covered by the report first emerged in 2006-7, and have survived repeated attempts to shut them down.
"Their longevity is a testament to how much money is involved and how lucrative they are," said Stone-Gross.
According to the report, the top banking Trojans have targeted customers at 900 banks and other financial institutions in more than 65 countries.
While all users of online banking are at risk, Stone-Gross said cyber criminals are increasingly targeting people with access to commercial banking and payroll systems.
The banking Trojan malware is typically distributed through malicious email attachments, compromised websites and online adverts injected with malicious code.
Some of the biggest online heists have used denial of service (DoS) attacks to create a diversion and prevent victims from accessing their accounts.
Top banking botnets
- Gameover Zeus