Finjan claims that the trojan - dubbed URLZone - is designed to thwart systems that detect unusual transactions.
The trojan malware reportedly determines how much is available in an infected computer user's bank account, steals some of the balance whilst they are logged in, and shows a fake balance to cover its tracks.
Finjan said that the German trojan driven thefts were controlled by a server in the Ukraine. Of the 90 000 computers that visited the sites that have the malware, Finjan said there were 6400 infections and about US$438 000 was stolen from several hundred accounts.
In the business IT security vendor's latest cybercrime intelligence report, Finjan said that the trojan techniques used are the start of a new trend that is expected to grow.
"These techniques add functionality aimed to minimise detection by traditional anti-fraud technologies in use by banks. More than a year ago Finjan identified the Zeus bank trojan which today has become one of the most popular trojans used by cybercriminals to steal money from banks' customers worldwide", said the report.
Yuval Ben-Itzhak, Finjan's chief technology officer, said that cybercriminals continue to follow the money, with bank accounts steadily remaining a favourite among their targets.
"To avoid detection, cybercriminals continue to improve their methodologies for stealing money and going under the radar from the victims and banks alike."
"With the combination of using sophisticated trojans for the theft and money mules to transfer stolen money to their accounts, they minimise their chances of being detected."
According to Ben-Itzhak, in this case, the specific criteria that the trojan received from its `command & control' centre mark a whole new level of cybercrime sophistication in the techniques used by cybercriminals.
"Using these methods they successfully evade anti-fraud systems that banks deploy, we dubbed it the `anti anti-fraud.'"