**US Charges 54 in Massive ATM Jackpotting Conspiracy**
A complex web of deceit and cybercrime has been exposed as 54 individuals have been indicted for their roles in a massive conspiracy to deploy malware and commit ATM jackpotting fraud.
On December 9, a federal grand jury in the District of Nebraska returned an indictment charging 22 individuals with their role in the conspiracy. Just over a month later, on October 21, another indictment was returned by a federal grand jury, this time charging 32 persons. If convicted, the defendants face a maximum term of imprisonment ranging between 20 and 335 years, according to a release from the US Attorney's Office, District of Nebraska.
The indictment alleges that Tren de Aragua, a Venezuelan crime syndicate, has used ATM jackpotting to steal millions of dollars in the US and then transferred the proceeds among its members and associates to conceal the illegally obtained cash. "As alleged, these defendants employed methodical surveillance and burglary techniques to install malware into ATM machines, and then steal and launder money from the machines, in part to fund terrorism and other far-reaching criminal activities of Tren de Aragua, a designated Foreign Terrorist Organization," said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department's Criminal Division.
According to the indictment, the total losses from the jackpotting incidents have reached $40.73m as of August 2025. The alleged conspiracy developed and deployed a variant of malware known as Ploutus, which was used to hack into ATMs and force them to dispense cash.
**The Role of Ploutus Malware**
The Ploutus malware is one of the most advanced ATM malware families, first discovered in Mexico in 2013. A new version of the malware, dubbed Ploutus-D, was first observed in 2017 and targeted the ATM vendor Diebold. According to Google's threat intelligence, Ploutus-D is designed to issue unauthorized commands associated with the Cash Dispensing Module of the ATM in order to force withdrawals of currency.
The malware was also designed to obfuscate evidence of the criminal activity and deceive employees of the banks and credit unions from learning about the malware deployment. In some cases, the defendants would replace the hard drive of the ATM with one that had been pre-loaded with the Ploutus malware or connect an external device such as a thumb drive to deploy the malware.
**How the Conspiracy Unfolded**
The alleged conspiracy involved methodical surveillance and burglary techniques to install malware into ATM machines. Members of the conspiracy would travel to locations of targeted banks and credit unions, conduct initial reconnaissance, and take note of external security features at the ATMs. Following this reconnaissance, the groups would open the hood or door of ATMs and wait nearby to see whether they had triggered an alarm or a law enforcement response.
After conducting the reconnaissance, steps would be taken to install the Ploutus malware on the ATMs. This involved removing the hard drive and installing the malware directly, replacing the hard drive with one that had been pre-loaded with the Ploutus malware, or connecting an external device such as a thumb drive to deploy the malware.
**A Massive Scheme Exposed**
The indictment exposes a massive scheme that has left banks and credit unions across the US reeling. The defendants face serious consequences if convicted, including lengthy prison sentences and fines. As the investigation continues, it is clear that law enforcement agencies are working tirelessly to dismantle this complex web of deceit and cybercrime.
**Related Stories:**
* [US Charges 54 in Massive ATM Jackpotting Conspiracy](#) * [ATM Jackpotting: A Growing Threat to Financial Institutions](https://www.example.com/atm-jackpotting-growing-threat-financial-institutions) * [Tren de Aragua: The Venezuelan Crime Syndicate Behind the Scheme](https://www.example.com/tren-de-aragua-venezuelan-crime-syndicate-behind-scheme)