State of the art attack fleeces banks of millions

It all starts in the same way as most attacks, with victims being infected via email and website links which install a generic Trojan to steal data by copying everything entered at a browser window to a compromised server. This data is then analysed and filtered, and any signs of commercial banking transactions of any decent size are noted. This can then identify the best victims to target with spear phishing techniques used to get the Prg Trojan installed by masquerading as a new security token for example. Now, everything that the victim does with their bank online is carefully scrutinised, with the Trojan learning to simulate online transactions, transfer and payments. The criminals are alerted by the Trojan when it has enough data to be able to do all this successfully, and when the victim starts any transaction. The criminal can then perform the man in the middle attack by piggybacking the session and compromising the entire account. More often than not the attackers will not even know the victims username, let alone password. Neither is needed because the software handles all of that.