According to a report in the West Sussex County Times, the criminals infected computers with a trojan that waited until a user logged onto an account and then slithered its way into online cash transfer procedures.
Shown a page with a faked Natwest logo and a message that it was an additional security measure, victims would be persuaded to type in passwords, PIN numbers and telephone numbers.
The virus would allow users to continue normally, but was secretly creating new payee details to siphon the cash into mule accounts, and then to Eastern Europe.
According to the report, 138 customers were affected with 600,000 transferred. Natwest managed to recoup 140,000 after the scam was uncovered.
A 24-year-old Uzbekistan national and three co-defendants pleaded to conspiracy to defraud and money laundering. They will be sentenced in November.
This was the first successful operation for the Police Central e-crime Unit, which was involved in investigating the banking fraud and making the original arrests.
It is working as part of a Virtual Task Force, comprised of partners across the financial services industry that share intelligence connected to criminal activity.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.