Hackers flip characters to disguise malware

07.09.2011

Avast said that malware using the Unitrix tactic -- primarily a Trojan downloader that acts as a door-opener and a rootkit that hides the malicious code -- increased in volume last month, hitting a peak of 25,000 detections daily.

The pattern of detections -- high on workdays, dropping by 75% or more on weekends -- shows that the attackers are targeting business users, Kubec argued.

Additional analysis done by Avast said that Windows PCs infected with the disguised Trojan were part of a "pay-per-installation" network rented to other criminals, who plant their own malware on the machines.

"[They] provide outsourced infection and malware distribution services for other cyber gangs...apparently based in Russia and the Ukraine," said Avast researcher Lyle Frink in a post to the Wednesday.

Frink identified three command-and-control (C&C) servers that issue instructions to the infected PCs: The servers were located in China, Russia and the U.S.