"The trojan in question is rather sophisticated," the company posted in its research blog. "It is written in C++ and uses rootkit techniques to conceal its presence, though on occasion, its files are visible. The trojan downloads a number of encrypted modules (DLLs), which are decrypted in memory when injected to the browser or other processes to avoid detection by antivirus software," it continued.
Some of those libraries grab email addresses, encrypt and manage the malware's processes, remove other forms of malware on the machine, as well as block installed antivirus applications.
The Trojan can also grab user credentials during the session, including one-time-passwords. The malware relies on both technical attacks as well as social engineering tactics designed to walk users through a transfer they think is a demonstration transfer.
S21sec has a snippet of the Trojan's code on its site.
While the Trojan is currently targeting European banks, mainly in Spain, United Kingdom, Germany, and Portugal - these attacks rarely remain localized.
Unfortunately, according to the security firm, the anti-virus detection rate of this Trojan is currently very low.
For my security and technology observations throughout the day, find me on Twitter.