A Malware Trick Turns ATMs into Cash Machines — Dozens Now Face Criminal Charges
U.S. authorities have charged 54 individuals linked to a large-scale ATM jackpotting operation powered by Ploutus malware.

The U.S. Department of Justice has announced criminal charges against 54 individuals involved in a coordinated ATM jackpotting scheme that relied on Ploutus malware to force cash machines to dispense money on demand. The operation spanned multiple years and caused significant financial losses to banks and ATM operators.
Investigators revealed that the attackers gained physical access to ATMs and installed Ploutus malware using external devices such as USB drives or laptops. Once installed, the malware allowed operators to issue commands that triggered unauthorized cash withdrawals. As a result, attackers could empty ATMs within minutes without using stolen cards or credentials.
How the Jackpotting Scheme Worked
Ploutus malware targets the ATM’s internal operating system and cash dispenser controls. After compromising a machine, attackers used coded commands or mobile-based interfaces to instruct the ATM to release cash. The scheme relied on coordination between malware operators and cash mules, who collected the money immediately after deployment.
Authorities noted that the group focused on ATMs with weaker physical security and outdated software. They often struck during off-hours to avoid detection. Consequently, banks sometimes discovered the theft only after routine cash audits.
Law Enforcement Response and Impact
Federal investigators traced the activity through surveillance footage, forensic analysis, and financial records. The DOJ stated that the defendants played various roles, including malware deployment, coordination, and cash collection. Prosecutors charged several individuals with conspiracy, bank fraud, and computer intrusion offenses.
Officials emphasized that ATM jackpotting remains a persistent threat despite increased security controls. Malware families like Ploutus continue to evolve, exploiting gaps in physical security and legacy systems. Therefore, financial institutions must treat ATM security as both a cyber and physical risk.
Security experts recommend strengthening ATM software protections, restricting physical access, and monitoring for unusual cash-dispensing behavior. Regular system updates and tamper detection also reduce exposure to jackpotting attacks.
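One way to monitor for unusual cash-dispensing behavior, shown as an added example that is not part of the original article or any vendor's product: it reconciles dispenser events against host-approved withdrawals, because jackpotting releases cash with no card transaction behind it. The event format, ATM names, thresholds and the function name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, not taken from any real ATM or from the case above.
# Assumed format: (timestamp, atm_id, kind, txn_id, amount)
#   AUTH     = host approved a card withdrawal
#   DISPENSE = dispenser hardware released cash
SAMPLE_EVENTS = [
    ("2024-03-02T14:05:10", "ATM-EX-01", "AUTH", "T1001", 200),
    ("2024-03-02T14:05:14", "ATM-EX-01", "DISPENSE", "T1001", 200),
    ("2024-03-03T02:41:00", "ATM-EX-02", "DISPENSE", None, 2000),
    ("2024-03-03T02:41:40", "ATM-EX-02", "DISPENSE", None, 2000),
    ("2024-03-03T02:42:20", "ATM-EX-02", "DISPENSE", None, 2000),
    ("2024-03-03T03:10:00", "ATM-EX-01", "AUTH", "T1002", 100),
    ("2024-03-03T03:10:05", "ATM-EX-01", "DISPENSE", "T1002", 100),
]


def find_suspicious_dispenses(events, off_hours=(0, 5),
                              burst_window=timedelta(minutes=5), burst_count=3):
    """Flag dispenses that no host authorization accounts for."""
    # Index approved withdrawals by (ATM, transaction id) -> approved amount.
    authorized = {(atm, txn): amt for _, atm, kind, txn, amt in events
                  if kind == "AUTH"}
    recent_unauth = {}  # atm_id -> times of recent unauthorized dispenses
    alerts = []
    for ts, atm, kind, txn, amt in sorted(events, key=lambda e: e[0]):
        if kind != "DISPENSE":
            continue
        # A dispense is legitimate only if an approval exists for the same
        # ATM, transaction id and amount.
        if authorized.get((atm, txn)) == amt:
            continue
        when = datetime.fromisoformat(ts)
        reasons = ["no_matching_authorization"]
        window = [t for t in recent_unauth.get(atm, [])
                  if when - t <= burst_window] + [when]
        recent_unauth[atm] = window
        if len(window) >= burst_count:
            reasons.append("burst")
        if off_hours[0] <= when.hour < off_hours[1]:
            reasons.append("off_hours")
        alerts.append({"atm": atm, "time": ts, "amount": amt, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_dispenses(SAMPLE_EVENTS):
        print(alert)
```

The authorized 03:10 withdrawal is not flagged even though it falls in off-hours; time of day only adds context to a dispense that already lacks an approval, which keeps legitimate night-time customers out of the alert queue.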
Overall, the case highlights how cybercrime can directly translate into physical cash theft. As attackers blend malware with real-world access, defending financial infrastructure requires close coordination between cybersecurity teams and physical security operations.