google-site-verification: google30a059f9a075f398.html

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks

CyberWisdom Safe Harbor Commentary  on Ploutus.D Malware Variant

I couldn’t believe this story from that visualizes how the modern Bank ATM robbery is unfolding. The U.S. Secret Service issued a warning to financial institutions on Friday stating that financial institutions “systematically” attack “credible information” on U.S. ATMs that use malware that can quickly drain cash. ATM machine maker Diebold Nixdorf also warned that customers are likely to warn of potential “ATM” face-up attacks from Mexico to the United States.

Brian Krebs, a reporter in charge of the KrebsOnSecurity website, reports that the U.S. attack has begun. Krebs quoted sources at ATM maker NCR Corp. as saying that the number of ATM ATMs, also known as logic attacks, has reached the U.S. coast.

related articles on Ploutus.D Malware Variant Bank ATM Robbery:
The first ATM “jackpot” hit the U.S. cash dispenser – cash robbery

First ATM “jackpot” Attacks Hit U.S. ATMs – Cash Robbery

“While at the moment these issues are all focused on non-NCR ATMs, logical attacks are an industry-wide issue, as was the first case of loss identified as a result of the logical attacks by the United States,” Krebs quoted NCR Consultants as saying.

Although the U.S. Secret Service disagrees with the nature of these attacks, Krebs sources within the agency claim recent attacks include the use of Jackpotting malware Ploutus.D.

The source said the secret service warned that in the past 10 days, thieves appear to be using a series of coordinated attacks on Ploutus.D malware targeting the Opteva 500 and 700 series Dielbold ATMs and there is evidence that further attacks are taking place Plan across the country, “according to Krebs report.

Dielbold and NCR did not immediately respond to this story’s comment request.

In its advisory, the Special Service Agency said that the threat actors were mainly targeted at stand-alone ATMs. “ATMs are usually located in pharmacies, large retail stores and through ATMs. Criminals go from individual suspects to large groups of organizations, from local criminals to international organized criminal groups,” the Secret Service said.

The agency is authorizing the U.S. cybercrime team to identify “credible” threats. “Subsequently, we remind other law enforcement partners and
Financial institutions who may be affected by this crime, “it said.

Ploutus.D Malware Variant ATM Attack History

Previous attacks targeted ATMs in Mexico, Japan, Thailand and Europe. Bulkhead malware used in these attacks includes Ploutus, Prilex, Green Dispenser, and Ice5.

In the case of Ploutus, malware has been online since 2013. According to an article published in the Bulletin of the Virus by Kaspersky Lab researcher Thiago Marques, in October 2017, malware lost $ 64 million.

Marques said Ploutus needs physical access via USB or CD to deploy malware in order to steal the ATM ID used to activate and identify the ATM and then redeem it.

In a recent attack, Krebs reported that a Secret Service source said the attackers were using medical devices such as endoscopes to navigate inside the ATM to intercept cash dispenser communications Port, ATM computer, and start malware infection.

Krebs said: “Currently, malware fraudsters will contact conspirators who can remotely control ATMs and force machines to dispense cash.”

According to the January 2017 FireEye Awards, remote attackers can direct ATMs to distribute thousands of dollars in just a few minutes.

FireEye researchers point out that Ploutus-D is often targeted at Diebold ATM devices running multi-vendor Kalignite platforms. “We identified samples for the ATM supplier Diebold. However, since the Kalignite platform runs 40 different ATM vendors in 80 countries, minimal code changes to the Ploutus-D will significantly extend the ATM vendor’s goals.” Research Staff said.

Leigh-Anne Galloway said: “The interesting thing about these attacks is that they require a lot of physical space to access the ATM itself, which means there is a high risk of being discovered and the choice of attack vector is much more complex. Positive resilience leads at Positive Technologies.

Krebs reports that the Secret Service warned financial institutions that ATM running on Windows XP is still vulnerable.

Past ATM robbers used different malware. In August 2016, a family of malware known as RIPPER was accused of some ATM robberies in Thailand. Attackers are able to penetrate the target ATM using an ATM card activated by a special EMV (EuroPay, MasterCard and Visa) chip. This card serves as a mechanism to authenticate with existing RIPPER malware on the ATM. The liar in the incident escaped with 378,000 U.S. dollars.

read more…

ATM maker NCR Corp. is warning that cyber criminals are hacking U.S. cash machines with malware that can drain machines dry of cash. Engaging post, Read More…

thumbnail courtesy of

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks