Brazilian police last week arrested the suspected kingpin of a gang which looted an estimated $37m from online banking accounts. Valdir Paulo de Almeida allegedly masterminded a scam to raid accounts using a Trojan horse sent by email to thousands of victims, mostly Brazilian. This commonly used ploy enables crooks to capture security credentials of victims through keystroke logging.
Using this information, criminals can transfer to themselves the money held in compromised accounts. Typically, the money is washed through the accounts of a number of middlemen to make tracing more difficult. [via The Register]