Security experts have issued a red alert over a previously undocumented Trojan designed to help criminals break into the accounts of UK internet banking customers.

The Banker-AJ Trojan (Troj/Banker-AJ) targets users of online banks including Abbey, Barclays, Egg, HSBC, Lloyds TSB, Nationwide and NatWest, according to security firm Sophos.

Banker-AJ has been coded to lie dormant in the background on infected Windows PCs, waiting for users to visit legitimate online banking websites.

Once the user visits one of a number of banking websites the malicious code is triggered into action, capturing passwords and taking screenshots.

This information is then relayed to remote hackers who can use it to break into the bank accounts of innocent users and steal money, Sophos warned.

The security firm has already reported similar techniques being used by criminals to break into Brazilian online bank accounts, but points to growing evidence of the same trick being attempted against UK financial institutions.

Graham Cluley, senior technology consultant at Sophos, said the Trojan was "like having a mugger looking over your shoulder as you type in your Pin number".

"People are increasingly aware of the threat from phishing emails which direct innocent users to fake banking websites in order to capture personal details. But this Trojan is different - it waits until the user visits a real banking website and then surreptitiously monitors the log-in process," he said.

More information about the Banker-AJ Trojan can be found here.