Ploutus Malware Threatens ATMs in Pakistan: Banks Warned to Take Immediate Action

A new malware variant called Ploutus is emerging as a significant threat to Automated Teller Machines (ATMs) worldwide.

The malware allows hackers to remotely trigger unauthorized cash withdrawals without accessing customer accounts or core banking systems.

An advisory issued by 1LINK has been circulated to all scheduled banks across Pakistan, warning of potential financial losses if immediate action is not taken.

How Ploutus Operates

Attackers first gain physical access to the ATM using generic keys. Ploutus can then be installed either by copying malicious software onto the ATM’s storage device or by fully replacing the device’s software.

Once deployed, it bypasses standard ATM safeguards and is adaptable across multiple ATM manufacturers with minimal changes.

Signs of a Compromised ATM

Banks and ATM operators should monitor for the following indicators:

  • Suspicious .exe files or unauthorized remote access programs

  • Abnormal autoruns and custom services

  • Unexpected physical activity, such as ATM doors opening outside maintenance schedules or removal of hard drives

  • Unusual network or system activity on ATMs running Windows OS
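The indicators above can be turned into an automated triage pass. The following is an added example, not code from the article or from 1LINK: it takes a constructed snapshot of a Windows-based ATM host (autorun entries, installed services, and USB connection log lines) and flags unapproved autoruns and executables, known remote-access tools, unapproved services, and USB events outside a maintenance window. The snapshot format, the allow-lists, the maintenance window, and the log line layout are all assumptions made for the example; on a real fleet these would come from the vendor's build manifest and the ATM's own event logs.

```python
"""Indicator triage over a constructed ATM host snapshot.

Added example, not part of the 1LINK advisory or the article. All
allow-lists, windows and sample data below are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Constructed allow-lists: what a vendor-approved ATM build is expected to run.
APPROVED_AUTORUNS = {
    r"c:\atm\vendor\xfsagent.exe",
    r"c:\windows\system32\userinit.exe",
}
APPROVED_SERVICES = {"XFSManager", "EventLog", "WinDefend"}
MAINTENANCE_WINDOWS = [("02:00", "04:00")]  # constructed; local time HH:MM

# Substrings of common remote-access tools that have no place on an ATM.
REMOTE_ACCESS_NAMES = ("teamviewer", "anydesk", "vnc", "ammyy")


@dataclass
class Finding:
    severity: str
    category: str
    detail: str


def check_autoruns(autoruns):
    """Flag autorun entries that are not in the approved set."""
    findings = []
    for entry in autoruns:
        path = entry.lower()
        if path not in APPROVED_AUTORUNS:
            sev = "high" if path.endswith(".exe") else "medium"
            findings.append(Finding(sev, "autorun", f"unapproved autorun: {entry}"))
        if any(name in path for name in REMOTE_ACCESS_NAMES):
            findings.append(Finding("high", "remote-access",
                                    f"remote access tool in autorun: {entry}"))
    return findings


def check_services(services):
    """Flag custom services; services is a list of (name, binary path)."""
    return [Finding("high", "service", f"unapproved service: {name} -> {binpath}")
            for name, binpath in services if name not in APPROVED_SERVICES]


# Constructed log format: "<date> <HH:MM:SS> <level> USB device <action>: <id>"
USB_LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\d\d:\d\d):\d\d .*USB device "
    r"(?P<action>connected|removed): (?P<id>\S+)"
)


def in_maintenance_window(hhmm):
    # Zero-padded HH:MM strings compare correctly as text.
    return any(start <= hhmm <= end for start, end in MAINTENANCE_WINDOWS)


def check_usb_events(log_lines):
    """Flag USB connect/remove events that fall outside maintenance windows."""
    findings = []
    for line in log_lines:
        m = USB_LINE.match(line)
        if m and not in_maintenance_window(m.group("time")):
            findings.append(Finding("high", "usb",
                                    f"USB {m.group('action')} outside maintenance window "
                                    f"at {m.group('date')} {m.group('time')}: {m.group('id')}"))
    return findings


def triage(snapshot):
    """Run every check and return findings, high severity first."""
    findings = (check_autoruns(snapshot["autoruns"])
                + check_services(snapshot["services"])
                + check_usb_events(snapshot["usb_log"]))
    return sorted(findings, key=lambda f: (f.severity != "high", f.category))


# Constructed snapshot of a tampered host: a dropped binary registered as an
# autorun and a service, a remote-access tool, and daytime USB activity.
SAMPLE_SNAPSHOT = {
    "autoruns": [
        r"C:\ATM\vendor\xfsagent.exe",
        r"C:\Users\Public\svchost32.exe",
        r"C:\Program Files\AnyDesk\AnyDesk.exe",
    ],
    "services": [
        ("XFSManager", r"C:\ATM\vendor\xfsmgr.exe"),
        ("WinUpdateSvc", r"C:\Users\Public\svchost32.exe"),
    ],
    "usb_log": [
        "2024-05-01 03:10:22 INFO USB device connected: VID_0781&PID_5567",
        "2024-05-02 14:35:07 INFO USB device connected: VID_0951&PID_1666",
        "2024-05-02 14:36:01 INFO USB device removed: VID_0951&PID_1666",
    ],
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_SNAPSHOT):
        print(f"[{finding.severity}] {finding.category}: {finding.detail}")
```

On the constructed snapshot the 03:10 USB event is accepted as in-window maintenance, while the two daytime events, the unknown `svchost32.exe` autorun and service, and the AnyDesk entry are all raised. In practice the snapshot would be collected with the platform's own inventory tooling and the output fed to the centralized logging the advisory calls for.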

Recommended Security Measures

The 1LINK advisory recommends a multi-layered approach to mitigate risks:

1. Physical Security:
Upgrade locks, install cameras and sensors, implement additional barriers, and monitor unusual access.

2. Hardware Security:
Enable disk encryption, firmware integrity checks, memory protection, device whitelisting, and automatic shutdown when malware is detected.

3. Logical Access:
Disable external storage interfaces by default and allow only authorized access with continuous monitoring.

4. Network Security:
Whitelist trusted IP addresses, deploy endpoint detection systems, and restrict software execution through whitelisting.

5. Logging & Auditing:
Maintain centralized logs, enable advanced auditing to detect unauthorized file access or USB connections, and regularly inspect ATM devices.

6. Prevention Practices:
Change default credentials, maintain trusted “gold images” of ATMs, and assess security in preproduction environments before deployment.
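The "gold image" practice in item 6 pairs naturally with the file-level checks in item 5: if a trusted image exists, a deployed ATM's file tree can be hashed and diffed against it to surface modified, missing and unexpected files, with unexpected executables ranked first. The following is an added example, not the advisory's or any vendor's code; it builds both the gold image and a tampered deployed image in a temporary directory from constructed sample files, so the directory layout and file names are assumptions.

```python
"""Gold-image baseline comparison for an ATM software image.

Added example, not code from the article or the 1LINK advisory. The file
trees below are constructed in a temporary directory for demonstration.
"""
import hashlib
import os
import tempfile

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".bat", ".ps1")


def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare_to_gold(gold_manifest, deployed_manifest):
    """Diff a deployed host's manifest against the trusted gold manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in gold_manifest.items():
        if rel not in deployed_manifest:
            report["missing"].append(rel)
        elif deployed_manifest[rel] != digest:
            report["modified"].append(rel)
    for rel in deployed_manifest:
        if rel not in gold_manifest:
            report["unexpected"].append(rel)
    # Executable content absent from the gold image is the highest-priority item.
    report["unexpected_executables"] = [
        p for p in report["unexpected"] if p.lower().endswith(EXECUTABLE_SUFFIXES)
    ]
    return report


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Construct a gold image and a tampered deployed image, then diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        gold = os.path.join(tmp, "gold")
        deployed = os.path.join(tmp, "deployed")
        # Files common to both images (constructed content)
        for root in (gold, deployed):
            _write(root, "atm/vendor/xfsagent.exe", b"vendor agent v1")
            _write(root, "atm/vendor/config.ini", b"[xfs]\nport=1")
        _write(gold, "atm/vendor/dispenser.dll", b"dispenser v1")
        _write(gold, "atm/vendor/watchdog.exe", b"watchdog v1")
        # Tampering on the deployed host: altered DLL, removed watchdog,
        # an extra binary in a user-writable path, and a stray text file.
        _write(deployed, "atm/vendor/dispenser.dll", b"dispenser v1 (patched)")
        _write(deployed, "users/public/svc.exe", b"unknown binary")
        _write(deployed, "atm/vendor/notes.txt", b"todo")
        return compare_to_gold(build_manifest(gold), build_manifest(deployed))


if __name__ == "__main__":
    for key, paths in demo().items():
        print(f"{key}: {paths}")
```

The report separates the three outcomes a fleet operator acts on differently: modified vendor files point at a replaced or patched component, missing files at disabled protections, and unexpected executables at dropped tooling. Running the comparison from a read-only gold manifest kept off the ATM, rather than from a copy stored on the device, keeps the baseline out of reach of whoever has physical access to the cabinet.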

Urgent Call to Action

The advisory warns that failure to implement these measures could lead to large-scale ATM jackpotting, putting both banks and customers at severe financial risk.

Banks are urged to act immediately to secure ATM networks and prevent potential attacks.
