Ploutus

If you thought that only desktop computers and mobile devices could be infected by malware, think again. Here comes Ploutus, a Trojan that infects ATMs! The point is that any computer that relies on an operating system can have that operating system compromised by a malicious infection. In this article, we describe the infection and its main aims, based on research by FireEye. As you can probably tell, Ploutus cannot infect your computer, and perhaps that is for the best because the Trojan clearly aims to steal as much money as possible.

Where does Ploutus come from?

Ploutus is a group of malware infections that mainly target ATMs. It was first discovered in 2013, and the group of infections is usually active in Latin America. The fact that the program was first detected in Mexico only supports this claim.

Computer security experts suggest that the use of ATM malware like Ploutus will only continue to increase in 2017, and that developing countries with weaker security controls are more likely to be affected by this type of cybercriminal activity. There are many versions of the Ploutus infection, and it can be easily modified via the Kalignite Platform, so it can be used to attack multiple vendors and operating systems.

What does Ploutus do?

To summarize the way this Trojan works, the infection has to be installed on the ATM manually, and usually an external keyboard has to be connected to the ATM. The attacker also has a phone through which they can control the infected ATM later on. Once the connection between the infected machine and the command and control center is established, the attacker sends SMS commands that pass through a USB port or USB tethering. The network monitor on the infected machine receives the command and launches Ploutus, which starts issuing cash.

The newest version of Ploutus is sometimes called Ploutus-D, and it comes with several features that have not been observed in the older versions of this infection. For example, the newest version, detected in November 2016, can run on Windows 10, Windows 8, Windows 7, and Windows XP operating systems. It mostly targets Diebold ATMs and comes with a different GUI. Also, this Trojan is heavily protected against potential security measures because it has a Launcher that can identify and kill security monitoring processes. As a result, Ploutus might remain undetected.

Other than that, the Trojan is similar to its predecessors, so we know that it can empty the affected ATM without using any card (the SMS command is enough). On the other hand, the attacker needs to connect an external keyboard to the machine in order to infect it. The activation code used by the attackers expires in 24 hours, which means that the criminals have limited time to strip the infected ATM clean.
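For ATM operators, the sequence described above (an external keyboard attached, security monitoring killed, USB tethering, cash issued without a card) can be turned into a simple correlation rule over device telemetry. The following is an added example, not part of the original article or of FireEye's research; the event names, host names and log format are constructed, and the 24-hour window simply borrows the activation-code lifetime mentioned above.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "timestamp host event".
# Event names are hypothetical labels a log-normalizing pipeline might assign.
SAMPLE_EVENTS = """\
2017-01-10T02:11:00 atm-017 usb_keyboard_attached
2017-01-10T02:13:30 atm-017 security_monitor_stopped
2017-01-10T02:20:05 atm-017 usb_tether_adapter_attached
2017-01-10T03:02:44 atm-017 cardless_dispense
2017-01-10T09:00:00 atm-022 usb_keyboard_attached
2017-01-12T09:30:00 atm-022 security_monitor_stopped
2017-01-11T14:00:00 atm-031 cardless_dispense
"""

# Signals that matter only when they follow a keyboard attach on the same ATM.
FOLLOW_UPS = {"security_monitor_stopped", "usb_tether_adapter_attached",
              "cardless_dispense"}
WINDOW = timedelta(hours=24)  # assumption: reuse the 24-hour activation-code lifetime


def parse_events(text):
    """Yield (timestamp, host, event) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def correlate(text, window=WINDOW, min_follow_ups=2):
    """Return {host: sorted follow-up signals} for hosts where a keyboard
    attach is followed by >= min_follow_ups distinct signals within window."""
    events = sorted(parse_events(text))
    alerts = {}
    for ts, host, event in events:
        if event != "usb_keyboard_attached":
            continue
        seen = {e for t, h, e in events
                if h == host and e in FOLLOW_UPS and ts <= t <= ts + window}
        if len(seen) >= min_follow_ups:
            alerts[host] = sorted(seen | set(alerts.get(host, [])))
    return alerts


if __name__ == "__main__":
    for host, signals in correlate(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(signals))
```

Only atm-017 is flagged in the sample data: atm-022 has a keyboard attach but its follow-up falls outside the window, and atm-031 has a cardless dispense with no preceding keyboard attach.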

Will I be affected?

Personally, most probably not. Even if you do keep your money in banks whose ATMs can get infected by Ploutus, it is not your account that gets swept clean; it is the ATM itself. So perhaps we can just leave you with a short list that should answer the biggest questions that may pop into your head.

  • Ploutus is a Trojan for ATMs.
  • The newest version appeared in November 2016.
  • Ploutus does not steal credit card information.
  • The Trojan mostly affects ATMs in Latin America.
  • Ploutus mainly targets the Diebold ATMs.
  • Trojan installation requires physical access to the targeted machine.
  • Criminals connect external keyboards to ATMs to infect them.
