Ploutus malware in nationwide ATM jackpotting operation
Malware Activity
Summary
Hide ▲
Show ▼
The Ploutus malware was used in a nationwide ATM jackpotting operation that drained cash from bank and credit union ATMs across the United States, raising theft and concealment risk. The malware-enabled activity matters because it let operators force ATMs to dispense cash until empty while also deleting evidence to hide the attacks.
Related Happenings
Tren de Aragua members charged in ATM jackpotting case
Law Enforcement
First: 20.02.2026 12:08
Last: 20.02.2026 12:08
Sources 1
How related:
In total, the U.S. Department of Justice has charged 87 Tren de Aragua members over the past six months, who are now facing maximum prison terms ranging from 20 to 335 years each.
About this happening:
The U.S. Department of Justice charged **87 Tren de Aragua members** over the past **six months** in a case tied to **ATM jackpotting** and **Ploutus malware**. The charging actio...
Tren de Aragua members charged in ATM jackpotting case
Law EnforcementHow related: In total, the U.S. Department of Justice has charged 87 Tren de Aragua members over the past six months, who are now facing maximum prison terms ranging from 20 to 335 years each.
About this happening: The U.S. Department of Justice charged **87 Tren de Aragua members** over the past **six months** in a case tied to **ATM jackpotting** and **Ploutus malware**. The charging actio...
FBI ATM jackpotting mitigation guidance
Advisory/Mitigation
First: 20.02.2026 10:05
Last: 20.02.2026 10:05
Sources 1
How related:
The agency has outlined a long list of recommendations that organizations can adopt to mitigate jackpotting risks.
About this happening:
The **FBI** has issued mitigation guidance for **ATM jackpotting**, aiming to reduce cash-out risk across deployed **ATM devices**. The recommendations focus on **physical securit...
FBI ATM jackpotting mitigation guidance
Advisory/MitigationHow related: The agency has outlined a long list of recommendations that organizations can adopt to mitigate jackpotting risks.
About this happening: The **FBI** has issued mitigation guidance for **ATM jackpotting**, aiming to reduce cash-out risk across deployed **ATM devices**. The recommendations focus on **physical securit...
U.S. ATM jackpotting cash-out wave
Exploitation Wave
First: 20.02.2026 10:05
Last: 20.02.2026 10:05
Sources 1
How related:
The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025.
About this happening:
**ATM jackpotting** is intensifying across the **U.S.**, with **1,900 incidents since 2020** and **more than $20 million** lost in **2025**. The wave shows attackers repeatedly co...
U.S. ATM jackpotting cash-out wave
Exploitation WaveHow related: The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025.
About this happening: **ATM jackpotting** is intensifying across the **U.S.**, with **1,900 incidents since 2020** and **more than $20 million** lost in **2025**. The wave shows attackers repeatedly co...
Tren de Aragua (TdA) indicted in ATM jackpotting operation allegedly orchestrated by Tren de Aragua
Law Enforcement
First: 27.01.2026 18:27
Last: 27.01.2026 18:27
Sources 1
How related:
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua.
About this happening:
A **Nebraska federal grand jury** charged **31 additional defendants** in an **ATM jackpotting** case, expanding the federal prosecution of a scheme that used **Ploutus malware**...
Tren de Aragua (TdA) indicted in ATM jackpotting operation allegedly orchestrated by Tren de Aragua
Law EnforcementHow related: A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua.
About this happening: A **Nebraska federal grand jury** charged **31 additional defendants** in an **ATM jackpotting** case, expanding the federal prosecution of a scheme that used **Ploutus malware**...
South Carolina ATM jackpotting case sentencing and deportation
Law Enforcement
First: 23.01.2026 18:38
Last: 23.01.2026 18:38
Sources 1
About this happening:
South Carolina federal prosecutors said **Luz Granados** and **Johan Gonzalez-Jimenez** were **sentenced** in an **ATM jackpotting** cybercrime case and will be deported after ser...
South Carolina ATM jackpotting case sentencing and deportation
Law EnforcementAbout this happening: South Carolina federal prosecutors said **Luz Granados** and **Johan Gonzalez-Jimenez** were **sentenced** in an **ATM jackpotting** cybercrime case and will be deported after ser...
Timeline
-
20.02.2026 10:05 2 articles · 3mo ago
FBI warns of rising Ploutus ATM jackpotting
Campaign Scope UpdateThe FBI warned that ATM jackpotting incidents across the U.S. have increased, citing more than $20 million lost in 2025, 1,900 reported incidents since 2020, and about $40.73 million collectively lost since 2021. The bulletin says attackers use Ploutus and similar malware to gain access to ATMs, exploit XFS on the underlying Windows operating system, and force cash-outs, and it recommends stronger physical security, security cameras, threat sensors, lock changes, device auditing, default-credential resets, device allowlisting, automatic shutdown on indicators of compromise, and logging.
Show sources
- FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 — thehackernews.com — 20.02.2026 10:05
- FBI: Over $20 million stolen in surge of ATM malware attacks in 2025 — www.bleepingcomputer.com — 20.02.2026 12:08
-
27.01.2026 18:27 2 articles · 4mo ago
Ploutus malware used in nationwide ATM jackpotting case
Initial DisclosureA Nebraska federal grand jury charged 31 additional defendants in a nationwide ATM jackpotting case tied to Tren de Aragua, and court documents said the suspects deployed Ploutus malware against banks and credit union ATMs across the United States by opening machine housings, swapping hard drives or inserting thumb drives, then forcing the ATMs to dispense cash until empty while deleting evidence and laundering the stolen money.
Show sources
- US charges 31 more suspects linked to ATM malware attacks — www.bleepingcomputer.com — 27.01.2026 18:27
- US charges 31 more suspects linked to ATM malware attacks — www.bleepingcomputer.com — 27.01.2026 18:27
-
20.12.2025 15:48 1 articles · 5mo ago
DOJ announces 54 Ploutus ATM jackpotting indictments
Legal Policy Action UpdateThe U.S. Department of Justice announced indictments of 54 individuals in a Ploutus ATM jackpotting case tied to Tren de Aragua, alleging that the group used surveillance and burglary to install the malware in ATMs across the U.S., force cash withdrawals, delete evidence, and launder the proceeds.
Show sources
- U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware — thehackernews.com — 20.12.2025 15:48