US Indicts 31 In Massive ATM Malware Heist Draining Bank Cash Reserves

A federal grand jury in Nebraska has indicted 31 people for using Ploutus malware to steal millions from ATMs across the US.

This “ATM jackpotting” scheme links to the Tren de Aragua (TdA) gang, a designated foreign terrorist group.

It brings total charges to 87 TdA members in recent months. Authorities say the plot funded TdA’s violent crimes like trafficking and murder.

The indictment lists 32 counts, including conspiracy to commit bank fraud, bank burglary, computer fraud, and damaging computers.

If convicted, suspects face up to 335 years in prison. Many defendants are Venezuelan or Colombian nationals, including TdA members who entered the US illegally.

How ATM Jackpotting Works

ATM jackpotting tricks machines into spitting out cash without valid cards or PINs. Criminals deploy malware like Ploutus to hijack the ATM’s cash dispenser.

Ploutus, first seen in 2013, targets ATMs running Windows XP or older systems. It issues fake commands to the Cash Dispensing Module (CDM), forcing payouts.

Teams scouted bank ATMs first. They checked for alarms by opening the machine’s hood. No response meant it was safe.

Then, they installed Ploutus in three ways:

  • Removed the ATM’s hard drive and loaded malware directly.
  • Swapped it with a pre-infected drive.
  • Plugged in a USB drive to deploy the code remotely.

Once active, Ploutus deletes logs to hide tracks. It fools bank staff by wiping evidence. Groups split stolen cash afterward. Photos from the case show tools like USBs and open ATM panels mid-attack.

This builds on prior indictments. A December 2025 case charged 22 for TdA-linked jackpotting and money laundering.

An October one hit 32 for similar fraud. Losses run into millions, hitting banks and credit unions nationwide.

TdA started as a Venezuelan prison gang in the 2000s. It now runs drugs, guns, sex trafficking, and extortion across the Americas, including the US.

Jackpotting provides quick cash to fuel these ops. Officials call it a “revenue stream” for terrorism.

Attorney General Pamela Bondi labeled TdA a “complex terrorist organization.” Deputy AG Todd Blanche vowed to dismantle it via Joint Task Force Vulcan (JTFV).

US Attorney Lesley Woods in Nebraska aims to cut their funds. The FBI’s Eugene Kowel stressed tracking the money.

The probe involves FBI Omaha, HSI, and dozens of agencies. HSTF, from Executive Order 14159, targets cartels and gangs. JTFV, launched in 2019 against MS-13, now fights TdA.

Technical Defenses Against Jackpotting

ATMs remain vulnerable due to outdated software. Many still use Windows XP, unpatched for years. Malware like Ploutus exploits weak physical security: unlocked panels let attackers insert devices.

Banks fight back with:

  • EMV Chip Cards and Tokenization: Reduces card skimming risks.
  • Jammed Detection: Sensors block CDM if tampered.
  • Remote Monitoring: Real-time alerts for odd cashouts.
  • Hardened OS: Shift to Linux or secure Windows versions.
  • Air-Gapped Networks: Isolates ATMs from the internet.

CISA urges firmware updates and multi-factor access. Logical security locks and PIN-protected hoods slow intruders. Still, physical access trumps digital defenses.
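The remote-monitoring idea above can be expressed as a correlation over ATM telemetry. The following is an added example, not part of the original article or any vendor's product: it flags the sequence the article describes (hood opened, drive or USB activity, cash dispensed with no card transaction). The event schema, event names, ATM IDs and maintenance windows are all hypothetical and constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, atm_id, event, txn_id). Hypothetical schema.
EVENTS = [
    ("2026-01-10T02:11:00", "ATM-017", "HOOD_OPEN", None),
    ("2026-01-10T02:14:30", "ATM-017", "OS_BOOT", None),       # reboot after drive work
    ("2026-01-10T02:19:05", "ATM-017", "CDM_DISPENSE", None),  # no transaction behind it
    ("2026-01-10T02:19:40", "ATM-017", "CDM_DISPENSE", None),
    ("2026-01-10T09:00:00", "ATM-022", "HOOD_OPEN", None),     # scheduled service visit
    ("2026-01-10T09:05:00", "ATM-022", "OS_BOOT", None),
    ("2026-01-10T10:30:00", "ATM-022", "TXN_AUTHORIZED", "T1001"),
    ("2026-01-10T10:30:20", "ATM-022", "CDM_DISPENSE", "T1001"),
]
# Approved maintenance windows per ATM (constructed).
MAINTENANCE = {"ATM-022": [("2026-01-10T08:30:00", "2026-01-10T09:30:00")]}
FOLLOW_UP = timedelta(minutes=30)  # how long an unscheduled hood opening taints later events

def in_maintenance(atm, ts):
    return any(datetime.fromisoformat(a) <= ts <= datetime.fromisoformat(b)
               for a, b in MAINTENANCE.get(atm, []))

def detect(events):
    alerts, authorized, last_hood = [], set(), {}
    for raw_ts, atm, kind, txn in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(raw_ts)
        if kind == "TXN_AUTHORIZED":
            authorized.add((atm, txn))
        elif kind == "HOOD_OPEN" and not in_maintenance(atm, ts):
            last_hood[atm] = ts  # alert even if nothing follows (possible alarm test)
            alerts.append((atm, raw_ts, "hood opened outside maintenance window"))
        elif kind in ("OS_BOOT", "USB_INSERT"):
            opened = last_hood.get(atm)
            if opened and ts - opened <= FOLLOW_UP:
                alerts.append((atm, raw_ts, f"{kind} shortly after unscheduled hood opening"))
        elif kind == "CDM_DISPENSE":
            if (atm, txn) in authorized:
                authorized.discard((atm, txn))  # one dispense per authorization
            else:
                alerts.append((atm, raw_ts, "dispense without authorized transaction"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert, sep=" | ")
```

Because the article notes that Ploutus deletes local logs, a correlation like this only helps if events are shipped off the ATM as they occur rather than read from the machine afterward.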

This case shows cartels evolving to cyber tools. As TdA “levels up,” so must defenses. The DOJ’s 87 charges signal a crackdown. But with TdA in US cities, more ATM hits loom unless banks upgrade fast.

The post US Indicts 31 In Massive ATM Malware Heist Draining Bank Cash Reserves appeared first on Cyber Security News.
