Cyber criminals have stolen some £20 million ($30 million) from UK bank accounts using Dridex malware, according to the National Crime Agency (NCA).
The agency is warning Internet users to protect themselves against the malware, also known as Bugat and Cridex, and say they are chasing down the "technically skilled" thieves.
One arrest has already been made; Andrey Ghinkul, from Moldova, has been charged in a nine count indictment in the U.S. The "particularly virulent form of malware" has been developed by criminals in Eastern Europe, the NCA says, and it harvests online banking details to steal money from individuals and businesses globally. Computers become infected when users open documents from seemingly legitimate emails. Financial institutions and various payment systems have been targeted, and members of the public could have become victims. Windows users are most at security risk, they say.
The NCA recommends people ensure their operating systems are up to date and that anti-virus software is installed to protect themselves. Two websites - CyberStreetWise and GetSafeOnline - are available for advice and tips. The main advice is: don't open attachments or click on links if they're unexpected. The NCA's National Cyber Crime Unit (NCCU) "have rendered a large portion of the botnet harmless and are now initiating remediation activity to safeguard victims," they say.
They're working in conjunction with Europol, the Metropolitan Police, GCHQ, the FBI, and German and Moldovan authorities, to tackle the issue. “Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they are,' the FBI's Executive Assistant Director Robert Anderson said. Users in the UK who think they've lost money to Dridex should contact Action Fraud.