
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware

Published:

20 December 2025 at 13:48:00

Alert date:

20 December 2025 at 15:02:15

Source:

thehackernews.com


Ransomware & Malware, Critical Infrastructure

The U.S. Department of Justice indicted 54 individuals in connection with a multi-million dollar ATM jackpotting scheme. The conspiracy involved deploying Ploutus malware to hack automated teller machines across the United States and force them to dispense cash. The indicted members are allegedly part of Tren de Aragua (TdA), a criminal organization. This represents a large-scale financial crime operation targeting ATM infrastructure through malware deployment.

Technical details

The Ploutus malware is deployed on ATMs by either replacing the hard drive with one preloaded with the malicious program or by connecting a removable thumb drive. The malware is equipped to issue unauthorized commands to the Cash Dispensing Module of ATMs to force currency withdrawals. It was first detected in Mexico in 2013 and exploits weaknesses in Windows XP-based ATMs. The malware can be activated via SMS messages sent to compromised ATMs and is designed to delete evidence of its presence to avoid detection. Threat actors conduct reconnaissance to assess external security measures and test alarm systems before deploying the malware.

Mitigation steps:

Monitor ATMs for unauthorized physical access attempts
Implement enhanced security measures for ATM hoods and access points
Deploy detection systems for unusual ATM dispensing activities
Monitor for evidence deletion activities on ATM systems
Implement robust alarm systems that trigger upon physical tampering
Conduct regular security assessments of ATM infrastructure
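The sketch below is an added example, not part of the original advisory or of any vendor's product. It shows how the dispensing, physical-access and evidence-deletion monitoring steps can be combined into one correlation rule. The log format, event names (HOOD_OPEN, USB_INSERT, DISK_CHANGE, HOST_AUTH, DISPENSE, LOG_CLEAR), ATM identifiers and time windows are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <atm_id> <event> <amount>".
# Event names and the format are hypothetical, not a real ATM log schema.
SAMPLE_LOG = """\
2025-12-01T02:10:00 ATM-001 HOOD_OPEN 0
2025-12-01T02:14:30 ATM-001 USB_INSERT 0
2025-12-01T02:20:05 ATM-001 DISPENSE 2000
2025-12-01T02:20:40 ATM-001 DISPENSE 2000
2025-12-01T02:25:00 ATM-001 LOG_CLEAR 0
2025-12-01T09:00:00 ATM-002 HOST_AUTH 100
2025-12-01T09:00:08 ATM-002 DISPENSE 100
"""

PHYSICAL = {"HOOD_OPEN", "USB_INSERT", "DISK_CHANGE"}
AUTH_WINDOW = timedelta(seconds=60)    # a dispense must follow a host authorization
TAMPER_WINDOW = timedelta(minutes=30)  # physical access shortly before a dispense

def parse(text):
    for line in text.splitlines():
        ts, atm, event, amount = line.split()
        yield datetime.fromisoformat(ts), atm, event, int(amount)

def detect(text):
    """Return a list of (atm_id, timestamp, finding) alerts."""
    alerts, pending_auth, last_physical = [], {}, {}
    for ts, atm, event, amount in sorted(parse(text)):
        if event in PHYSICAL:
            last_physical[atm] = ts
        elif event == "HOST_AUTH":
            pending_auth[atm] = (ts, amount)
        elif event == "DISPENSE":
            auth = pending_auth.pop(atm, None)  # one authorization covers one dispense
            if auth and ts - auth[0] <= AUTH_WINDOW and auth[1] == amount:
                continue  # dispense matches a recent host-authorized transaction
            tampered = atm in last_physical and ts - last_physical[atm] <= TAMPER_WINDOW
            finding = "unauthorized dispense"
            if tampered:
                finding += " after physical access"
            alerts.append((atm, ts.isoformat(), finding))
        elif event == "LOG_CLEAR":
            alerts.append((atm, ts.isoformat(), "log deletion"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Because the malware is described as deleting evidence on the ATM itself, a rule like this is only useful when the events are forwarded off the machine as they occur.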

Affected products:

Windows XP-based ATMs
Diebold ATMs
ATMs running various Windows versions

IOC's:

Ploutus malware

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
