Hackers have found a way to intercept passwords for banking websites by infecting pop-up ads with a program that can install itself on computers and record user keystrokes, security experts said on Wednesday.

The new type of threat was discovered last week by the Internet Storm Centre of the SANS Institute, a collaborative effort of private security firms and university researchers.

Storm Centre director Marcus Sachs said hackers apparently infiltrated advertiser servers and effectively “poisoned” certain pop-up ads to install a program that reads keystrokes and relays them to a website operated by hackers.

“The evil part of the scheme is that it has a list of about 50 banks, and if it detects that your browser is going to that bank… it looks for login passwords, and intercepts that information before it gets encrypted,” Sachs said.

He said the latest threat is a variant of “spyware” which installs programs on the computers of those browsing the internet and can sometimes hijack browsers.

More here.