The Sinowal Trojan may have been working back as early as February 2006 to compromise and steal login credentials from about 300,000 online bank accounts and a similar amount of credit and debit cards. No specific bank names were revealed by RSA, “as it is critical to protect their privacy and security,” a spokesperson says. The research team says its findings are “startling,” and that little is known of the source of the Trojan. It had strong ties earlier in its life to the now infamous Russian Business Network (RBN)”]
Source: https://www.cuinfosecurity.com/rsa-report-500000-banking-ids-stolen-a-1041