The National Crime Agency has revealed that the Dridex malware has swiped up to £20m from UK bank accounts, while worldwide losses may have already hit $100m.
One of the alleged hackers behind the attack, Andrey Ghinkul, has been arrested, and a large chunk of the botnet has been now been taken down.
Mike Hulett, Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU) said: "This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes.
"Our investigation is ongoing and we expect further arrests to made."
The Dridex malware is put on a computer via a macro embedded in a file. It’s normally a Microsoft Office one, sent as an attachment.
Once on a machine, the hackers have significant access to the infected computer, including login details for services like online banking.
The UK’s NCA is also working with the FBI in America. Its Executive Assistant Director Robert Anderson said: "We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails".
The malware is also known as Bugat and Cridex.