Europol has seized control of domains and servers being used to propagate Shylock malware used against banks around the world.
Also known as Caphaw, the malware is claimed by the international police group to have infected at least 30,000 computers running Windows worldwide, with the UK being the prime target.
Andy Archibald, deputy director of the National Crime Agency's (NCA) cyber crime unit, said: "The NCA is coordinating an international response to a cyber crime threat to businesses and individuals around the world.
"This phase of activity is intended to have a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK."
Shylock works by intercepting online banking activity to steal credentials, with the gang who exclusively control it likely based in Russia or eastern Europe, according to security firm Symantec.
"The attackers have a professional attitude and Shylock has been continually updated in response to security countermeasures employed by targeted banks," it said.
Hackers are said to have used a variety of tactics in distributing the malware, including malvertising, fake web browser updates and emailing infected PDF attachments.
Yet Symantec believe the main source of infection is exploit kits such as Blackhole or Styx, which allow hackers to deliver malware on a local basis.
The UK is believed to have been targeted by the group due to its relatively small number of banks and high rate of online banking, though countries such as Italy, the US and Turkey have also been affected.
"Since the attackers have to tailor the malware to perform attacks on individual banks, this makes the UK market doubly attractive," Symantec added.
It estimates the gang has stolen several million dollars since the creation of the virus in 2011, with more than 60,000 infections detected within the last year.