Ploutus Malware: Uptick in ATM jackpotting incidents prompts FBI warning Three weeks ago, renewed activity involving Ploutus ATM malware surfaced, prompting an alert from the Federal Bureau of …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

Renewed Ploutus ATM malware activity has triggered an FBI warning, prompting a deep technical breakdown of how ATM jackpotting attacks work. ATMs run Windows Embedded with XFS middleware, which Ploutus targets directly to issue cash dispense commands without transaction validation. The attack chain involves physical USB access, XFS API hooking, and rapid cash-out within minutes. Traditional detection-based security fails in ATM environments due to network isolation, hardware constraints, and slow patch cycles. The post argues for a prevention-first model using application whitelisting and zero-trust execution control, illustrated by a real-world AppGuard deployment at NuSource Financial that achieved four years malware-free across 700+ institutions. Detection engineering guidance includes Sigma-style rules for USB execution, log clearing, abnormal dispense patterns, and XFS DLL injection monitoring.

Ploutus Malware: Uptick in ATM jackpotting incidents prompts FBI warning

In 2025, more than 700 attacks on cash dispensers resulted in at least $20 million stolen, the FBI said in a security…