Between May 2009 and last month, at least $3 million was taken from U.S. accounts, U.S prosecutors said, according to the Wall Street Journal.
Prosecutors say that hackers designed malicious software and hid it in an e-mail. When unwitting users opened the e-mail, the virus would monitor computer activity to get user names and passwords.
The hackers then used this data to move money from the victims' bank accounts into accounts held by so-called mules, who agreed to launder the money, prosecutors say.
The alleged scam hit five banks, including JP Morgan Chase (JPM) and Ally Financial, as well as dozens of individuals and companies.