A new malware variant known as “Ploutus” is emerging globally as a major threat to Automated Teller Machines (ATMs). The malware allows hackers to trigger unauthorized cash withdrawals remotely.
According to an advisory shared by 1LINK, the malware allows direct control over affected ATMs without accessing customer accounts or banking systems.
The advisory has been circulated to all scheduled banks across Pakistan.
Ploutus attacks begin with physical access to the ATM, which attackers gain using widely available generic keys. Malware deployment involves either copying malicious software onto the ATM’s storage device or replacing it entirely.
Once installed, Ploutus bypasses standard safeguards, making machines highly vulnerable. Its design allows adaptation across different ATM manufacturers with minimal changes.
How to Know the ATM is Compromised
Indicators of Compromise include suspicious .exe files, unauthorized remote access applications, abnormal autoruns, custom services, and unusual physical interactions such as ATM doors opening outside scheduled maintenance or hard drives being removed.
Digital Indicators as observed on affected ATMs running Windows OS are being shared below:
Other Indicators
Recommended Mitigation Measures
- Physical Security: Upgrade locks, install sensors, cameras, and additional barriers, and monitor unusual access.
- Hardware Security: Enable disk encryption, firmware integrity checks, memory protection, device whitelisting, and automatic shutdown when malware is detected.
- Logical Access: Disable external storage interfaces by default and allow only approved access with continuous monitoring.
- Network Security: Whitelist IPs, implement endpoint detection, and restrict software execution through whitelisting.
- Logging & Auditing: Enable advanced audit policies to detect unauthorized file access or USB connections, maintain centralized logs, and regularly audit ATM devices.
- Prevention Practices: Change default credentials, maintain trusted “gold images” of ATMs, and assess security in preproduction environments before deployment.
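The gold-image and auditing measures above can be combined into a fleet-side check that compares the inventory collected from an ATM against its gold-image manifest and flags the indicator types listed earlier (unknown or modified .exe files, unexpected autoruns and services). This is an added example, not part of the advisory; the inventory format, the function names and every path, hash and service name are assumptions constructed for illustration.

```python
"""Compare an ATM's collected inventory against its gold-image manifest.

Every path, hash, autorun and service name below is constructed sample data.
"""

def _norm(value):
    # Windows paths and service names are case-insensitive.
    return value.strip().replace("/", "\\").lower()

def audit_inventory(gold, current):
    """Return sorted (finding, item) tuples for every deviation from gold."""
    findings = []
    gold_files = {_norm(p): h.lower() for p, h in gold["executables"].items()}
    seen = set()
    for path, digest in current["executables"].items():
        key = _norm(path)
        seen.add(key)
        if key not in gold_files:
            findings.append(("unknown_executable", key))
        elif gold_files[key] != digest.lower():
            findings.append(("modified_executable", key))
    # A gold-image binary that vanished is also a deviation worth reviewing.
    findings += [("missing_executable", k) for k in gold_files.keys() - seen]
    for kind in ("autoruns", "services"):
        known = {_norm(v) for v in gold[kind]}
        extra = {_norm(v) for v in current[kind]} - known
        findings += [("unexpected_" + kind[:-1], v) for v in extra]
    return sorted(findings)

GOLD = {  # constructed gold-image manifest
    "executables": {
        r"C:\ATM\app\dispenser.exe": "aa" * 32,
        r"C:\ATM\app\agent.exe": "bb" * 32,
    },
    "autoruns": [r"C:\ATM\app\agent.exe"],
    "services": ["AtmAgent"],
}
CURRENT = {  # constructed inventory collected from one ATM
    "executables": {
        r"c:\atm\app\dispenser.exe": "AA" * 32,    # same file, different case
        r"C:\ATM\app\agent.exe": "cc" * 32,        # hash differs from gold
        r"C:\Users\Public\helper.exe": "dd" * 32,  # not in gold image
    },
    "autoruns": [r"C:\ATM\app\agent.exe", r"C:\Users\Public\helper.exe"],
    "services": ["atmagent", "RemoteHelperSvc"],
}

if __name__ == "__main__":
    for finding, item in audit_inventory(GOLD, CURRENT):
        print(f"{finding:22} {item}")
```

Findings from a check like this are a starting point for review against maintenance records, not proof of compromise on their own.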
The advisory warned that without immediate action, Ploutus could lead to large-scale ATM “jackpotting,” putting both banks and customers at significant financial risk.

What has the public done wrong that the public is being made to suffer? Can these wretched hackers, these bastards, not see Zardari and Nawaz and the generals?