India has been the biggest victim of Ramnit, a malware that has infected 3.2 million computers globally and defrauded many others, security software firm Symantec said.
At present, cyber criminals are using Ramnit to mainly focus on information-stealing tactics, targeting passwords and online banking login credentials.
They also install remote access tools on affected computers to maintain back door connectivity.
"Ramnit has affected victims across the world and infections have been found in most countries. The worst affected countries in recent times have been India (27 per cent), Indonesia (18 per cent), Vietnam (12 per cent), Bangladesh (9 per cent), the US (6 per cent), and the Philippines (5 per cent)," Symantec said in a blogpost.
It is estimated that the Ramnit botnet may consist of up to 350,000 compromised computers worldwide, it added.
A law enforcement operation led by Europol and assisted by Symantec, Microsoft and a number of other industry players, have seized servers and other infrastructure owned by the cybercrime group behind Ramnit botnet.
"The group has been in operation for at least five years and during this time has evolved into a major criminal enterprise, infecting than 3.2 million computers in total and defrauding large numbers of innocent victims," Symantec said.
Ramnit began life as worm, first appearing in 2010 and over time, has evolved as its controllers appeared to shift their focus from building the botnet to exploiting it.
The malware is known to spread through the use of removable devices like USB keys and network shares.
The attackers have also spread the threat through public File Transfer Protocol (FTP) servers, through malicious ads on legitimate websites, and bundled the malware with potentially unwanted applications.
"While the amount of infected computers have decreased over time, the Ramnit botnet is still active. In May 2014, Symantec observed around 8,000 daily detections, whereas in November, this number was closer to 6,700," it said.
One of the most powerful Ramnit features, it monitors the victim's web browsing and detects when they visit certain web pages like online banking sites.
It can inject itself into the victim's browser and manipulate the bank's website, making it appear the bank is asking the victim for additional credentials like credit card details. This stolen data can then be used to facilitate fraud, Symantec said.
Ramnit also steals session cookies from web browsers and sends them back to the attackers, who can then use the cookies to authenticate themselves on websites and impersonate the victim.
"This could allow the attacker to hijack online banking sessions," it added.