Hiloti trojan infections triple in the UK, reports Trusteer

According to Trusteer, whose Rapport in-browser plug-in software is used by more than 18 million online banking users worldwide, Hiloti infections are almost certainly the result of drive-by download infections.

What is interesting, says the firm, is that the infection does not appear to be affecting the US and other international territories, suggesting that it is a carefully targeted attack on one or more UK banking portals.

Hiloti is notable for being a tertiary malware downloader, which means it goes on to download other malware such as Zeus and SpyEye, Infosecurity notes.

Once it infects a host system, the trojan creates a malicious DLL in the Windows main directory and modifies the registry so that it persists on the infected machine across a normal boot cycle.

According to the Microsoft malware directory, the trojan downloads its tertiary malicious files from a remote server and reports system information back to the server.

Hiloti was first tracked in early 2009, since when it has been observed in the wild being dropped by Win32/FakePowav, says the directory.

Over at Trusteer, Amit Klein, the firm's chief technology officer, said that his researchers suspect that a Hiloti-infecting campaign - which is quite likely to be a drive-by download infection - started on June 20.

"What is interesting is that the infection does not appear to be affecting the US and other international territories, suggesting that it is a carefully targeted attack on one or more UK banking portals", he said.

"We would stress that users of Trusteer Rapport security software are protected from the Hiloti downloader and its financial payload, even if other security defences have not detected it", he added.
