Hackers are able to intercept the security text messages banks send to online banking customers' phones to validate them as they log in.
The malware, a version of the SpyEye bug, complements its PC version to steal banking data across channels, according to the security vendor Trusteer Ltd., which announced the discovery of the new malware variant.
"The desktop portion of SpyEye captures the username and password," Amit Klein, Trusteer's chief technology officer, told Computerworld.
The ability to intercept text messages "was the piece that was missing," he added.
Fraudsters that have infected a user's PC can instruct the user to download the Android malware when they detect a bank is trying to send a security code via text. So far the Android version has been spotted only in Europe and Australia, the article said.