Banks across Pakistan have been warned about a rising threat from a new malware variant known as Ploutus, which allows hackers to trigger unauthorized cash withdrawals from Automated Teller Machines without using any customer cards. The advisory, circulated by 1LINK to all scheduled banks, highlights the malware’s ability to gain direct control over affected ATMs, bypassing standard banking systems and security safeguards.
Ploutus combines physical and digital attack vectors. Attackers use widely available generic keys to open the ATM’s top-box enclosure, then deploy the malware by copying it onto the ATM’s storage device or by replacing the drive outright. Once installed, the malware works across different ATM manufacturers with minimal modification, so a single build can put many machines at risk. Indicators observed so far include unauthorized remote-access applications, suspicious executable files, abnormal autorun entries, and unusual physical events such as ATM doors opening outside of maintenance schedules or hard drives being removed.
To address the threat, 1LINK has outlined a comprehensive set of mitigation measures covering physical, hardware, logical, and network security. Banks are urged to enhance physical safeguards by upgrading locks, installing sensors, and deploying cameras to monitor unusual access. Hardware-level protections should include disk encryption, firmware integrity checks, memory protection, device whitelisting, and automatic shutdown if malware is detected. Logical access controls, including restricting external storage interfaces and continuously monitoring approved access, are also recommended, while network security measures emphasize IP whitelisting, endpoint detection, and controlled software execution.
Additional preventive practices include changing default credentials, maintaining trusted “gold images” of ATM software, and conducting rigorous security assessments in preproduction environments before deployment. The advisory warns that failure to implement these measures could lead to large-scale ATM “jackpotting,” posing significant financial risk to both banks and customers. The Ploutus malware serves as a reminder of the evolving complexity of financial cybercrime, requiring coordinated technical, physical, and operational strategies to safeguard critical banking infrastructure in Pakistan.
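Several of the controls above (gold images, device and IP whitelisting, and watching for unexpected executables and autorun entries) reduce to one defensive check: compare what is actually on an ATM host against a known-good baseline and flag every deviation. The script below is an added illustration of that check and is not code from 1LINK, the advisory, or any ATM vendor; the file paths, registry keys, hashes, and addresses are constructed sample data, and a real deployment would feed it an inventory collected from the ATM by the bank’s own monitoring agent.

```python
"""Baseline-vs-observed integrity audit for an ATM host (illustrative example).

The baseline stands in for a bank's trusted "gold image": the SHA-256 of every
approved executable, the approved autorun entries, and the networks an ATM is
permitted to talk to. Anything not in the baseline is reported as a finding.
"""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    executables: dict      # path -> SHA-256 hex digest taken from the gold image
    autoruns: frozenset    # approved autorun / Run-key entries
    peer_networks: tuple   # CIDR networks the ATM may connect to (IP whitelist)


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_host(baseline, observed_files, observed_autoruns, observed_peers):
    """Return a list of (finding_type, detail) tuples for every deviation.

    observed_files maps path -> file bytes as read from the ATM's disk,
    observed_autoruns is the set of autorun entries found, and observed_peers
    is the list of remote IP addresses with active connections.
    """
    findings = []

    # 1. Executable integrity: unknown files and modified approved files.
    for path, content in observed_files.items():
        expected = baseline.executables.get(path)
        if expected is None:
            findings.append(("unknown_executable", path))
        elif expected != sha256_of(content):
            findings.append(("modified_executable", path))
    for path in baseline.executables:
        if path not in observed_files:
            findings.append(("missing_executable", path))

    # 2. Autorun entries that the gold image never had.
    for entry in sorted(observed_autoruns):
        if entry not in baseline.autoruns:
            findings.append(("unexpected_autorun", entry))

    # 3. Network peers outside the whitelisted ranges.
    allowed = [ipaddress.ip_network(n) for n in baseline.peer_networks]
    for peer in observed_peers:
        addr = ipaddress.ip_address(peer)
        if not any(addr in net for net in allowed):
            findings.append(("non_whitelisted_peer", peer))

    return findings


# Constructed sample data (not real ATM software): a two-file gold image.
GOLD_IMAGE_FILES = {
    r"C:\ATM\app\dispenser.exe": b"dispenser build 1.0",
    r"C:\ATM\app\xfs.dll": b"xfs layer build 1.0",
}
BASELINE = Baseline(
    executables={p: sha256_of(c) for p, c in GOLD_IMAGE_FILES.items()},
    autoruns=frozenset({r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ATMApp"}),
    peer_networks=("10.20.0.0/16",),   # hypothetical bank-internal switch network
)

# Constructed observation from a compromised host: one approved file altered,
# one unknown executable added, an extra autorun entry, and an outbound
# connection to an address outside the whitelist.
OBSERVED_FILES = {
    r"C:\ATM\app\dispenser.exe": b"dispenser build 1.0",
    r"C:\ATM\app\xfs.dll": b"xfs layer build 1.0 (altered)",
    r"C:\ATM\app\svchost_update.exe": b"not part of the gold image",
}
OBSERVED_AUTORUNS = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ATMApp",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RemoteHelper",
}
OBSERVED_PEERS = ["10.20.1.5", "203.0.113.77"]   # second address is outside 10.20/16


def run_example():
    return audit_host(BASELINE, OBSERVED_FILES, OBSERVED_AUTORUNS, OBSERVED_PEERS)


if __name__ == "__main__":
    for kind, detail in run_example():
        print(f"{kind:22} {detail}")
```

In practice the baseline would be generated once from the approved gold image and stored off the ATM, and the audit would run on a schedule or be triggered by the physical sensors the advisory recommends (a door or drive-bay event outside a maintenance window is a good reason to re-audit immediately).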