Security researchers are warning that crooks behind Vawtrak, a dangerous banking trojan, are ramping up its reach and sophistication.

According to PhishLabs, Vawtrak currently ranks as the single most dangerous threat. Only the Zeus family of malware(GameOver, KINS, ZeusVM, Zberp, etc.) would outrank Vawtrak.

Vawtrak is usually delivered in three ways: as the payload of an exploit kit, through malicious spam email attachments or by getting downloaded onto already compromised systems as a secondary malware infection.

Sophos believes that the malware is primarily used to gain unauthorized access to bank accounts through online banking websites. Infected machines form part of a botnet and collectively gather login credentials for online accounts.