New Ploutus Malware Enables Cardless ATM Cash Theft

A new malware variant called Ploutus poses a serious threat to Automated Teller Machines (ATMs) in Pakistan by enabling hackers to withdraw cash remotely without using any bank cards.
An advisory issued by 1LINK and circulated to all scheduled banks across the country warns that this malware can give attackers direct control over ATMs without needing access to customer accounts or banking systems.
Ploutus operates by exploiting physical access to ATMs, often using generic keys that are widely available. Attackers either copy malicious software onto the ATM’s storage device or replace it entirely.
Once installed, the malware bypasses standard security safeguards, making the affected machines highly vulnerable to unauthorized cash withdrawals. Its flexible design allows it to be adapted to different ATM manufacturers with minimal modifications.
Indicators of compromise include suspicious executable files, unauthorized remote access applications, abnormal autorun programs, custom services, and unusual physical activity such as ATM doors opening outside scheduled maintenance or hard drives being removed. Affected ATMs typically run on Windows OS.
The advisory recommends several mitigation measures to combat this threat:
- Physical Security: Upgrade locks, install sensors and cameras, add barriers, and monitor for unusual access.
- Hardware Security: Enable disk encryption, firmware integrity checks, memory protection, device whitelisting, and automatic shutdown upon malware detection.
- Logical Access: Disable external storage interfaces by default and allow only approved access with continuous monitoring.
- Network Security: Whitelist IP addresses, implement endpoint detection, and restrict software execution through whitelisting.
- Logging and Auditing: Enable advanced audit policies to detect unauthorized file access or USB connections, maintain centralized logs, and regularly audit ATM devices.
- Prevention Practices: Change default credentials, maintain trusted “gold images” of ATMs, and assess security in preproduction environments before deployment.
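To show how the indicators listed above (abnormal autorun programs, custom services, unscheduled USB activity) and the logging recommendation translate into a concrete check, here is an added example that is not part of the 1LINK advisory or this article. It triages constructed Windows event records from an ATM against a hypothetical gold-image allowlist and maintenance window; the allowlists, window, sample events and field names are all assumptions, while the event IDs (6416, 7045, 4688) are standard Windows audit events.

```python
# Added illustration (not from the 1LINK advisory): triage of Windows event
# records from an ATM against an execution allowlist and a maintenance window.
# Allowlists, maintenance window, sample events and field names are constructed.
from datetime import datetime, time

# Standard Windows audit event IDs used as signals.
EVT_NEW_DEVICE = 6416          # Security log: a new external device was recognised
EVT_SERVICE_INSTALLED = 7045   # System log: a service was installed in the system
EVT_PROCESS_CREATED = 4688     # Security log: a new process was created

# Hypothetical allowlists derived from the ATM "gold image".
ALLOWED_BINARIES = {r"c:\atm\vendor\agent.exe", r"c:\windows\system32\svchost.exe"}
ALLOWED_SERVICES = {"AtmVendorAgent", "wuauserv"}
# Scheduled maintenance window (local time) in which USB/door activity is expected.
MAINTENANCE_WINDOW = (time(2, 0), time(4, 0))

# Constructed sample records (not captured from a real ATM).
SAMPLE_EVENTS = [
    {"ts": "2025-03-01T03:10:00", "id": 6416, "device": "USB Mass Storage"},
    {"ts": "2025-03-01T14:22:05", "id": 6416, "device": "USB Mass Storage"},
    {"ts": "2025-03-01T14:23:40", "id": 7045, "service": "DispenserSvc",
     "image": r"c:\users\public\disp.exe"},
    {"ts": "2025-03-01T14:24:01", "id": 4688, "image": r"c:\users\public\disp.exe"},
    {"ts": "2025-03-01T15:00:00", "id": 4688, "image": r"c:\atm\vendor\agent.exe"},
]

def in_maintenance_window(ts: str) -> bool:
    """True if the ISO timestamp falls inside the scheduled maintenance window."""
    t = datetime.fromisoformat(ts).time()
    start, end = MAINTENANCE_WINDOW
    return start <= t <= end

def triage(events) -> list:
    """Return (timestamp, reason) pairs for events that contradict allowlist or schedule."""
    alerts = []
    for ev in events:
        if ev["id"] == EVT_NEW_DEVICE and not in_maintenance_window(ev["ts"]):
            alerts.append((ev["ts"], f"external device outside maintenance: {ev['device']}"))
        elif ev["id"] == EVT_SERVICE_INSTALLED and ev["service"] not in ALLOWED_SERVICES:
            alerts.append((ev["ts"], f"unapproved service installed: {ev['service']} ({ev['image']})"))
        elif ev["id"] == EVT_PROCESS_CREATED and ev["image"].lower() not in ALLOWED_BINARIES:
            alerts.append((ev["ts"], f"process not in allowlist: {ev['image']}"))
    return alerts

if __name__ == "__main__":
    for ts, reason in triage(SAMPLE_EVENTS):
        print(ts, reason)
```

In a real deployment the records would come from the centralized log store the advisory recommends, and the allowlists from the bank's own gold image rather than the literals above.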
The advisory warns that without immediate and comprehensive action, Ploutus could lead to widespread ATM jackpotting incidents, resulting in significant financial losses for both banks and customers.
Financial institutions in Pakistan are urged to enhance their ATM security protocols urgently to prevent exploitation by this emerging malware threat.
