A map published last year by the Justice Department showing the locations of jackpotting incidents in the US suggested that Ploutus has remained active.
The FBI’s latest alert confirms that the malware is still widely used.
“Once Ploutus is installed on an ATM, it gives threat actors direct control over the machine, allowing them to trigger cash withdrawals,” the FBI said. “Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn.”
“The malware can be used across ATMs of different manufacturers with very little adjustment to the code as the Windows operating system is exploited during the compromise,” the law enforcement agency noted.
The FBI’s alert provides indicators of compromise (IoCs) to help targeted organizations detect attacks, along with recommended mitigations.
However, it’s worth noting that authorities previously mentioned that the Ploutus malware is designed to autonomously delete traces of its own code to deceive forensic investigators and bank employees.
Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek