Cybercriminals operating the Retefe banking Trojan have added a new feature to the malware, launching a fresh wave of attacks.
The hackers behind the malware have added the leaked NSA EternalBlue exploit that helped propagate the massive WannaCry ransomware epidemic in May.
Although Retefe isn't as notorious as other banking Trojans such as Dridex and TrickBot, the malware has been active since 2013 and has previously targeted banks in the UK, Sweden, Austria, Switzerland and Japan.
Security experts have observed a new phishing campaign targeting Swiss banks, using malicious Microsoft Office documents to steal users' credentials and money.
"We are observing increasingly targeted attacks from this group, that, with the addition of the EternalBlue exploit, creates opportunities for effective propagation within networks once initial targets have been compromised," security experts at Proofpoint said in a blog.
Security experts say the EternalBlue exploit has since been swiftly adopted by cybercriminals looking to boost their malware's power.