New indictment alleges ATM malware used nationwide to steal millions in cash
According to court documents, the group relied on a variant of malware known as Ploutus to gain control of ATMs.
Investigators say teams traveled nationwide, often using multiple vehicles, to target banks and credit unions.
They conducted surveillance of ATM locations, checked for security features and watched for alarms or law enforcement responses before installing the malware.
Prosecutors said the malware was installed in several ways, including removing or replacing ATM hard drives or connecting external devices such as thumb drives.
Once installed, Ploutus issued unauthorized commands to the machine’s cash-dispensing system, forcing withdrawals of currency.
The malware was also designed to delete evidence of the intrusion to hide the attack from banks and investigators, authorities said.
Proceeds were then divided among participants based on predetermined shares.
