Malicious software (malware) is currently a serious threat to both commercial and retail online banking. As many as one in four computers in the US is infected by malware. Moreover, the value of lost records may be about $215 per record.
The malware most relevant to online banking fraud are of the Trojan horse variety (Trojans). These install themselves on user machines and then may enable a controller to record data from an infected machine (e.g., key loggers), listen in on conversations (e.g., Man in The Middle or MiTM), or even hijack an HTTP session from within a browser (e.g., Man in The Browser or MiTB).
Trojans, as their name implies, are not perceived by the user. They are able to record keyboard entries at given web sites, and thereby steal the users' userIDs and passwords. They are also able to change transactions as they occur, thus the user may think he is performing a legitimate transaction (e.g., paying a bill) but in reality he is sending money to an offshore account. Trojans also allow session hijacking, whereby a remote fraudster performs transactions via the user's infected machine.