The arrests follow a joint investigation by the FBI Cyber Division and local law enforcement agencies into a sophisticated malware-driven financial fraud operation targeting credit unions and bank ATMs. Forensic analysts identified the installation of a modified hard drive preloaded with memory-scraping malware designed to intercept Transaction Delivery Protocol (TDP) signals between the ATM’s electronic control unit (ECU) and cash dispenser. Per surveillance footage from the October 5, 2024, Radius Federal Credit Union incident in Kenmore, New York, conspirators accessed the ATM’s internal housing using a stolen or replicated maintenance key. This malware variant, believed to be a derivative of the Ploutus.D family, enabled remote command execution via SMS or Bluetooth triggers, bypassing standard Hypervisor-level security protocols. The October 5 attack alone extracted $110,440 across multiple withdrawal cycles before fraud detection systems flagged anomalous transaction patterns. Cybersecurity experts warn that this case highlights critical vulnerabilities in legacy ATM architectures still using Windows XP Embedded systems without Secure Boot enforcement. Network logs from victim ATMs revealed attacker IPs routing through Tor exit nodes (82.221.128.191, 81.6.43.184) before establishing persistent SSH tunnels to command-and-control servers hosted in Panama.
The breakthrough came during the Illinois incidents, where Mahomet PD officers identified Gomez-Cegarra and Hernandez-Gil conducting reconnaissance on a Diebold Opteva 520 ATM.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 06 Mar 2025 13:25:20 +0000