The Department of Justice has indicted thirty-one individuals for their involvement in a sophisticated operation that used Ploutus malware to steal millions of dollars from automated teller machines. Operating primarily between early 2024 and late 2025, the group successfully targeted dozens of machines to illicitly withdraw over five million dollars.
Federal authorities revealed that the conspiracy involved a methodical process of surveillance and physical tampering to bypass security measures. Members of the group would first test ATMs by opening their doors to see if local law enforcement would be alerted by alarms. If no response occurred, the suspects would then replace the internal hard drives with compromised hardware or use external drives to infect the system with specialized malware.
The malware utilized in these attacks, known as Ploutus, is designed to override the security protocols of an ATM and force it to dispense all its cash, a technique commonly referred to as jackpotting. Once the software took control of the machine’s internal systems, it could order the dispensing of large sums of money without the use of a legitimate bank card. This particular scheme resulted in the theft of approximately 5.4 million dollars, with a significant number of the targeted machines belonging to various credit unions.
According to the indictment, the group included members of the Venezuelan gang Tren de Aragua, and some individuals were identified as being in the country illegally. The charges against the defendants include federal crimes such as conspiracy to commit bank fraud, bank burglary, and computer fraud. This action follows a previous round of indictments last month, in which fifty-six other individuals were charged for their participation in similar jackpotting activities across the country.
Cybersecurity experts and federal agencies have been tracking the evolution of Ploutus for over a decade, noting its status as one of the most advanced malware families in existence. First discovered by researchers in 2013 during a series of thefts in Mexico, the software has been updated frequently to remain effective against modern banking hardware. Over the years, multiple ATM vendors have been found vulnerable to this specific type of attack, which continues to pose a significant threat to financial institutions globally.
Source: Dozens More Charged In Ploutus ATM Jackpotting Conspiracy


