Real-time hackers beating two-factor security

Previous incarnations of piggy-back malware have simply harvested user credentials for later access by hackers, but the fact that financial services are increasingly using two-factor authentication means that hackers are now being attracted to real-time parallel hacking of legitimate data sessions.

This, Infosecurity notes, has profound implications for anyone accessing data remotely where the entire session is not completely encrypted and secured.

According to the MIT Technology Review newswire, an account manager at Ferma, a Californian construction firm, accessed his firm's bank account online using a one-time transaction authentication number.

Unknown to the manager, his data session was hacked in real time and - despite the security of the session - the hackers piggy-backed their session on his, and siphoned off $447 000.

The interception of the data session by a trojan infection has potentially severe repercussions for the growing number of electronic banking users relying on two-factor authentication devices: even though the session itself is authenticated, it can still be hijacked in real time.
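Why a login-time one-time code does not stop this kind of attack, as an added illustration that is not part of the article: once a session is authenticated, a bank that trusts every request on that session will honour a transfer that malware altered on the customer's machine, whereas a code bound to the specific amount and destination the customer approved is rejected when those details change. The shared secret, account names, amounts and nonce below are constructed for the demo.

```python
import hmac
import hashlib

# Constructed demo secret shared between the bank and the customer's code token
# (placeholder value, not taken from any real system).
USER_SECRET = b"constructed-demo-shared-secret"

def session_code(secret: bytes, login_counter: int) -> str:
    """Login-time one-time code: proves a login happened, says nothing about later requests."""
    return hmac.new(secret, f"login:{login_counter}".encode(), hashlib.sha256).hexdigest()[:8]

def login(secret: bytes, login_counter: int, submitted_code: str) -> dict:
    """Bank side: verify the login code and mark the session authenticated."""
    expected = session_code(secret, login_counter)
    return {"authenticated": hmac.compare_digest(expected, submitted_code)}

def authorize_transfer_session_only(session: dict, amount: int, dest: str) -> str:
    """Session-level model: any transfer arriving on an authenticated session is honoured."""
    if not session.get("authenticated"):
        return "rejected"
    return f"sent {amount} to {dest}"

def transaction_code(secret: bytes, amount: int, dest: str, nonce: str) -> str:
    """Transaction-bound code: the token signs the exact details the customer sees."""
    msg = f"transfer:{amount}:{dest}:{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:8]

def authorize_transfer_bound(secret: bytes, used_nonces: set, amount: int,
                             dest: str, nonce: str, code: str) -> str:
    """Transaction-bound model: recompute the code over the details actually submitted."""
    if nonce in used_nonces:
        return "rejected"  # replay of an already-used code
    expected = transaction_code(secret, amount, dest, nonce)
    if not hmac.compare_digest(expected, code):
        return "rejected"  # amount or destination changed after the customer approved them
    used_nonces.add(nonce)
    return f"sent {amount} to {dest}"

def demo() -> dict:
    """Customer approves 100 to 'supplier'; the request reaching the bank says 447000 to 'mule'."""
    session = login(USER_SECRET, 1, session_code(USER_SECRET, 1))
    amount, dest, nonce = 100, "supplier", "n-0001"          # what the customer saw and approved
    approved_code = transaction_code(USER_SECRET, amount, dest, nonce)
    altered_amount, altered_dest = 447000, "mule"            # what arrives at the bank
    used = set()
    return {
        "session_only": authorize_transfer_session_only(session, altered_amount, altered_dest),
        "bound_altered": authorize_transfer_bound(USER_SECRET, used, altered_amount, altered_dest, nonce, approved_code),
        "bound_genuine": authorize_transfer_bound(USER_SECRET, used, amount, dest, nonce, approved_code),
        "bound_replay": authorize_transfer_bound(USER_SECRET, used, amount, dest, nonce, approved_code),
    }
```

The binding only helps if the customer's token shows the amount and destination it is signing on a display the malware cannot alter, which is the point of out-of-band or hardware-based transaction confirmation.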

MIT Technology Review newswire quotes Sam Curry, vice president of product marketing with RSA Security - which produces the SecurID two-factor authentication device used by many third-party companies - as saying that, whilst one-time password technology and other additional security measures can raise the bar against attackers, it will not keep them out forever.

"Companies should be very leery of both prophecies of doom, like the death of a technology, and rosy visions of security", he said.

"Everything is breakable", Curry concluded.