Stuttgart - German police said Friday they have uncovered an internet scam that relied on a trojan virus to spy on banking transactions conducted by 2.5 million private computers worldwide and divert at least 1.65 million euros (2.3 million dollars).
The suspects in the scam, who partly worked from Estonia, are said to have released the Katusha virus on the internet last year.
The gang also recruited 470 people to act as conduits for the stolen funds. They are now likely to face money laundering charges.
Investigators started raiding gang members' homes in August, but kept silent as they worked to dismantle the scam. Police searched four apartments in Germany, five in Estonia and a home in Britain.
German police are now seeking to extradite four people from Estonia.
Police in the southern German city of Stuttgart said that the Katusha software managed to alter 260 genuine web transactions by bank customers so that much larger sums of money were remitted and the funds were sent to the criminals.
The software was installed on private computers either through virus-infected PDF files or when users with vulnerable internet browsers opened websites run by criminals.
Katusha changed so frequently that anti-virus software was often unable to recognize it.
Police said it lurked in computers until owners carried out online banking transactions using the secret transaction numbers provided by banks as a security measure.
In the split second before the transaction completed, the software would then alter both the amount and recipient data.
For users, these alterations were invisible. The software even changed online bank statements to hide the fraud. The thefts were only visible on paper bank statements.
Police advised web users to check their personal computers and make sure they have not been infected.