The biggest online security firm warns that a new wave of hackers is exploiting weaknesses in email and social networking sites to steal data from their servers.
The threat has been dubbed the “spyware” and the malware was first reported on Tuesday by The Wall St Journal.
It was described by the firm as a Trojan horse for cybercriminals.
“The hackers can use a combination of techniques, including email exploitation, social engineering, and phishing, to get the victims’ email addresses, passwords, and credit card information,” said the firm.
“In the case of email, this includes using spam to trick users into visiting malicious websites.”
The Wall Street JournoList reported on Wednesday that hackers are stealing credit card data, banking information and other personal information from compromised email accounts.
In a blog post, the company wrote: “Cybercriminals are targeting vulnerable email accounts in the hope of stealing credit or debit card information, or even personal financial data from users’ bank accounts.
The information stolen is then sold on the black market or used to launch targeted attacks.
The hackers are often targeting users who are using email addresses that have been compromised, which means they can target users who don’t use the email addresses.”
The attack could be particularly damaging to small businesses and universities, which are using secure messaging platforms such as Gmail, Facebook, and LinkedIn.
“A large percentage of the data stolen from these accounts is stored in encrypted format, which protects the user’s data from unauthorized access,” the company added.
“The majority of the stolen information is sent to a central server, which then decrypts the data and transmits it to the attacker.”
Facebook and LinkedIn both have security measures in place to protect users from the new wave, including sending passwords to help protect users against unauthorized access.
Facebook has also added a system to its email client that prevents the user from clicking on links or opening attachments.
LinkedIn also added an alert to the site that shows users a notification about the potential attack.
The Wall St Journos list said it had identified a small number of companies in the US and Europe that were using different methods to protect their users.