The UK's National Crime Agency (NCA) and the Federal Bureau of Investigation (FBI) are on the hunt for cyber-attackers who hacked into British bank accounts and stole more than $31 million.
So far, one person has been arrested.
An NCA spokesperson said the hackers used malware identified as Dridex and "harvested" victims' online banking details to siphon off funds.
The spokesman said the NCA has enlisted the help of the FBI and other authorities to "limit the malware's usefulness".
The US Department of Justice says a Moldovan citizen, Andrey Ghinkul, has been arrested in Cyprus and the U.S. is seeking his extradition.
One expert has told media despite the one arrest, the hackers have been "particularly cunning" to avoid being detected.
Cybersecurity expert Prof Alan Woodward, who consults for Europol says, "This is very sneaky software that relied on people not being vigilant with their online banking. If you imagine thieves making lots of little transactions, rather than one big one, it is more likely to go unnoticed."
The Dridex Trojan infects computers through a malicious Microsoft Office document - usually a bogus invoice - which is emailed to victims. The hackers rely on victims downloading it onto their machines, rather than exploiting security holes in operating systems.
"Banks have software running constantly in the background looking for suspicious transactions, but criminals are adopting patterns that are not flagged up," says Prof Woodward. "With thousands of computers infected, they only need to take a small amount from each bank account and suddenly they've got millions."
The FBI is encouraging people to use anti-virus software on all computers and Professor Woodward says, "All the usual advice applies.Don't open unexpected email attachments, even if they appear to be from the bank. And check your bank statement for suspicious transactions. Query anything you don't understand, even if it's a small amount, as criminals may be taking a small amount from millions of other people."