Mobile banking vulnerabilities pose a "new and highly sophisticated danger," a top FBI official said Monday.
"Vulnerabilities in mobile banking pose another new and highly sophisticated danger, as mobile banking vulnerabilities may exist on mobile devices that are not patched, and malware can be developed to specifically target the use of mobile devices," Joseph Demarest, assistant director of the FBI's Cyber Division, said in his prepared testimony before the Senate Banking, Housing and Urban Affairs Committee hearing on cybersecurity.
"One example of this type of vulnerability is the Zeus-in-the-Middle malware, a mobile version of the GameOver Zeus malware, which itself was one of the most sophisticated types of malware the FBI ever attempted to disrupt," he added.
Demarest said GameOver Zeus was designed to steal banking credentials criminals could use to initiate or redirect wire transfers to overseas bank accounts.
"All told, the malware infected over 1 million computers worldwide and caused over $100 million in estimated losses. Zeus-in-the-Middle has not caused the same level of damage or losses as GameOver Zeus, but its very existence illustrates the risk posed to mobile platforms, where devices can be infected by malicious apps or via spear phishing emails, and which can then enable cyber criminals to utilize the banking credentials of targeted users on a grand scale," he said.
Demarest warned that Android devices remain a prime target for mobile malware, citing the 2014 Cisco Annual Security Report, which said 99% of mobile malware in 2013 targeted the Android operating system.
William Noonan, deputy special agent in charge at the U.S. Secret Service, said the growing collaboration among cyber-criminals has allowed them to compartmentalize their operations and develop expertise.
"These specialties raise both the complexity of investigating these cases, as well as the level of potential harm to companies and individuals. For example, illicit underground cybercrime marketplaces allow criminals to buy, sell, and trade malicious software, access to sensitive networks, spamming services, payment card data, PII, bank account information, brokerage account information, hacking services, and counterfeit identity documents," he said in his prepared testimony.
Noonan said some of the most popular criminal digital marketplaces that contain consumers' stolen information have about 80,000 users.
"These digital marketplaces often use various digital currencies, and cyber criminals have made extensive use of digital currencies to pay for criminal goods and services or launder illicit proceeds," he said.
NCUA Board Chairman Debbie Matz has called for retailers, rather than financial institutions, to cover the costs of any data breaches on the retailers' systems.