Banking Trojans traditionally use configuration files stored on the computer under attack. These configuration files contain the addresses of the compromised websites and the code, called the Webinject, that is to be added to these websites via the banking Trojans. This code is then responsible for stealing access data and personal information, for example.
Stealth Cloud technology
With this new functionality, individual parts of the malware configuration are moved to the cloud. In this way, the malware authors intend to prevent analysis by antivirus vendors and banks.
Graph 1: Classical Man in the Browser attack
Graph 2: Information Stealer with Cloud technology
For detailed technical information, visit the G Data SecurityBlog: http://blog.gdatasoftware.com/blog/article/banking-trojans-disguise-attack-targets-in-the-cloud.html.