Upgraded Ploutus-D Malware Designed to Drain ATMs From Any Manufacturer
In early 2013, cybercriminals began deploying in Mexico what some security experts described as one of the most advanced pieces of malware ever built to steal money from ATMs. Nicknamed Ploutus, it evolved to become the first ATM malware that could be controlled remotely by a mobile phone.
Ploutus, which appeared in Latin America and was built in a way that suggested its developers spoke Spanish, could only target ATMs made by NCR, one of the industry’s biggest manufacturers. It was coded to interact with an obscure kind of ATM management software from NCR called Aptra.
Four years later, that’s changed. Ploutus has gone “multivendor” with a new version that’s compatible with a type of middleware that banks deploy on ATMs around the world, according to a new report from FireEye. This development vastly expands cybercriminals’ list of potential targets.