The Ploutus ATM malware family, first detected in 2013 by Symantec as Backdoor.Ploutus, allows attackers to withdraw cash from an ATM on command. The malware is installed by accessing the ATM's CD-ROM drive and inserting a new boot disk that delivers the Ploutus variant. After connecting an external keyboard to the ATM, threat actors must press 'F8' to display the hidden trojan window. Once the window is visible, numerous commands can be executed, such as pressing 'F1' to generate an ATM ID, 'F2' to activate the ATM ID, and 'F3' to dispense cash.