The gang's server logged all the successful money transfers
Cyber-criminals have developed sophisticated ways to remain undetected, a new report finds.
The report, from security firm Finjan, describes how one gang, based in the Ukraine, stole 300,000 euros (£269,000) in 22 days.
It used a sophisticated piece of malicious software which fooled banks' anti-fraud systems as well as forging bank statements to hide the thefts.
It also recruited innocent job-seekers as so-called money mules.
Such mules were needed to prevent a direct money trail being traced back to the gang.
The specific attack, monitored during the month of August, was aimed at the customers of several German online banks.
The German police have been informed.
The server used by the gang has been frozen although it is not known whether gang members have actually been caught.
The gang used infected and fake websites to spread the trojan, a piece of malicious code which, once installed, can access all the data on the infected machine.
From a command and control server hosted in the Ukraine, the code was installed on the computers of bank account holders.
The trojan received specific instructions about how much money to steal from each account as well as the details of the money mule's account into which the money was transferred.
This statement suggests 53.94 euros was transferred. In fact 8,576 euros was stolen
Finjan's chief technology officer Yuval Ben-Itzhak said he was surprised at the level of sophistication employed by the gang.
The code included very specific criteria to make sure the bank accounts of victims were not completely emptied and to ensure the amount being stolen was not so high that it would be detected by banks' anti-fraud systems.
To further obfuscate their crimes, the code used by the gang was able to generate a forged screen showing the transfer of a small amount of money.
The real amount stolen would only be obvious to the victim if they logged into their account from an uninfected computer.
"They wanted to make sure the victim would not find out from their statements. In some cases they deleted transactions completely," said Mr Ben-Itzhak.
Anti-fraud systems are designed to detect unusual money transfers, as well as strange behaviour on customers accounts.
TIPS FOR LOOKING FOR JOBS ONLINE
Do a Google search for the company address
Do a Post Office address look-up for the company address. If none exists it is a fake
If the employer asks to use your bank account, drop the offer
Money mules are increasingly being recruited by cybercriminals as a way of preventing police finding a direct link to them.
"We have spotted money mules being used in the last six months or so," said Mr Ben-Itzhak.
The recession has made it easier to recruit people, he thinks.
"There are more people looking for jobs and if an attractive job offer drops into their inbox, they are going to take it," he said.
The Ukrainian cyber-criminals hired its "mules" by falsely telling them they would be working for a legitimate business.
These "mules" were unaware that they are being sent stolen money, but believed that they are being paid for working from home or other moneymaking schemes.
The money mules in this particular case are being treated as innocent victims and, although they will be questioned, will not face prosecution.