The United States has charged three young East European men with running an international cyber theft ring that broke into a million computers, including at NASA.

Officials say the trio used a malicious computer code or malware, dubbed the Gozi Virus, to infiltrate computers across Europe, then America.

The federal prosecutor's office says the trio caused "millions in losses by, among other things, stealing online banking credentials".

The alleged designer and "chief architect" of the virus, Russian national Nikita Kuzmin, was detained on US soil in 2010 and pleaded guilty the following year, pledging to cooperate with investigators.

Possibly as a result of that cooperation agreement, the 25-year-old's alleged partners were nabbed at the end of 2012.

Deniss Calovskis, known as "Miami," 27, was arrested in his native Latvia in November, and is charged with writing some of the computer code that made the Gozi Virus so hard for authorities to detect.

Mihai Ionut Paunescu, whose nickname is "Virus," was charged with running the so-called "bulletproof hosting" service that allowed distribution of the Gozi and other viruses.

Paunescu, 28, was arrested in his home country of Romania in December.

FBI assistant director-in-charge George Venizelos hailed the charges.

"This long-term investigation uncovered an alleged international cybercrime ring whose far-reaching schemes infected at least one million computers worldwide and 40,000 in the US, and resulted in the theft or loss of tens of millions of dollars," he said.

Manhattan chief federal prosecutor Preet Bharara likened the alleged gang to the notorious American bank robber William "Willie" Sutton.

"As we have seen with increasing frequency, cyber criminals' bank heists require neither a mask nor a gun, just a clever program and an internet connection," he said.

"This case should serve as a wake-up call to banks and consumers alike, because cybercrime remains one of the greatest threats we face, and it is not going away any time soon."

Prosecutors say the ultra-sophisticated scam unfolded between 2005 and March 2012 and that the virus was "virtually undetectable in the computers it infected".

AFP