Internet researcher SecureWorks found that the Trojan horse, which may be present on up to one million windows PCs, has been acquiring information from users when they log into online banking services, credit card accounts or internet retailers.
Joe Stewart of SecureWorks warned that the software - known as Clampi - is "having a real impact on users".
"We know of few others that are this sophisticated and wide-ranging," he told ComputerWorld.
Mr Stewart said that there is no way of counting how many computers have been infected, but said that the program monitors the user information required by 4,500 websites.
Earlier this month, research by Gartner revealed that customers using online banking most value the security of the service, with a simple sign-on option and the ability to set up alerts also found to be popular.