IT HAS a sexy name that aptly describes the sneakiness of its attack.

Called Trojan.Silentbanker, a new software is now targeting more than 400 banks worldwide by stealing unwitting users' bank data. It intercepts account information before it is encrypted.

It can also redirect it to a central attacker-database.

And for those who do online money transfers regularly, this could turn out to be dangerous.

The reason: On an infected computer, the program can change the user-entered destination bank account details to the attacker's account details instead.

It ensures that the user does not notice this change by presenting the user with the details they expect to see.

Since the user doesn't notice anything wrong, he will enter the second authentication password.

This is exactly what the attacker wants because the user has unknowingly handed over the money to the attacker.

American Internet security firm Symantec said "the scale and sophistication of this emerging banking Trojan is worrying".

It added that "not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, Britain... the list goes on".

Most banks here, despite using the supposedly secure two-factor authentication (2FA) system, are vulnerable, too.

IT expert Aloysius Cheang, president of SIG2, a leading body for IT security professionals here, said: "The two-factor authentication system is not a Holy Grail for total security. It is dependent on other components in your system.

"So, users, especially home users, need to tighten the overall security of their PCs and laptops in order to prevent this wave of Trojan attack."