Internet banking authentication systems including two-factor security systems are being threatened by a new Trojan.
The new Trojan, spotted in various forms in recent weeks, poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.
"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO at security behavioural analysis firm Tier-3.
"This new Trojan, called Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man in the middle type attack during an e-banking session.
"This effectively counters the protection afforded to users by the two-factor authentication technology," he said.
Sweeney said updated security software should spot the Trojan, but he added that modified versions of the threat could potentially evade established security systems.