Customers of UK banks such as NatWest, Barclays and HSBC are receiving large numbers of malicious emails designed to install malware on their PCs. According to security experts, the list of targeted banks is quite wide: customers of RBS, Lloyds Bank and Santander are also receiving emails that redirect them to sites hosting the same malware.

According to the report, about 30,000 such malicious emails were sent out in a single day in an attempt to steal victims’ online banking credentials. It was revealed that the attacks were carried out from servers in the United Kingdom, the United States, France, Turkey and Russia.

The trojan, called Dyreza or Dyre, installs itself on the user’s PC and hides until the user enters credentials on a specific website, in most cases the login page of a bank or other financial service. Security experts call it a “man-in-the-browser” attack: the cybercriminals inject malicious JavaScript code to steal credentials and further manipulate accounts.

This trojan is not an entirely new cyber-threat: it was first detected last year. At the time, its main delivery method was also emails posing as communications from banks and carrying various attachments. It is somewhat similar to Zeus, the notorious malware that managed to infect tens of thousands of machines all over the globe six years ago. Most worrying is that the recent trojan can bypass the SSL security used by online banking services.

Security experts point out that bank customers may be held responsible for any losses caused by their PCs becoming infected by the malware. They say that mitigating this vulnerability lies not in the hands of the targeted banks but in the user’s own actions.