👤 TRUSTBREAKER
🗓️ 28 Jan 2026   🌍 North America

Jackpotting the American Dream: How a Venezuelan Gang Emptied U.S. ATMs with Malware

Subtitle: Dozens charged as the notorious Tren de Aragua gang’s hackers unleash a wave of ATM heists across the United States.

It began with a simple, chilling question echoing through law enforcement circles: Who was draining ATMs across America in broad daylight, leaving behind little more than empty vaults and digital ghosts? The answer, it turns out, traces back to a Venezuelan prison, a violent gang, and a web of cybercrime stretching across state lines and international borders. Now, a Nebraska federal grand jury has indicted 31 more suspects, exposing the full scale of a criminal scheme that reads like a Hollywood script - but with very real victims and millions in stolen cash.

Fast Facts

  • 31 new suspects charged in a nationwide ATM malware operation linked to the Venezuelan Tren de Aragua gang.
  • Operation used Ploutus malware to force ATMs to dispense millions in cash.
  • Suspects face charges including bank fraud, money laundering, and providing material support to terrorists.
  • Tren de Aragua has been designated a Foreign Terrorist Organization by the U.S. Treasury.
  • Over 87 individuals linked to the gang have been charged in the last six months.

Inside the Heist: Malware, Money, and a Transnational Gang

The quiet hum of an ATM is a familiar soundtrack in American life, but for dozens of banks and credit unions, that hum was abruptly replaced by alarms - and empty cash cassettes. According to court filings, the suspects, many from Venezuela and Colombia and allegedly affiliated with the Tren de Aragua (TdA) gang, orchestrated a series of sophisticated “jackpotting” attacks. Their tool of choice: Ploutus, a notorious strain of malware designed to turn ordinary ATMs into cash-spewing slot machines.

The attackers’ method was both bold and methodical. After prying open ATM housings, they would either swap out the machines’ hard drives for ones preloaded with malware or plug in infected USB drives. Once the malicious code took over, the ATMs could be commanded to dispense all their cash at the touch of a button. To cover their tracks, the criminals deleted digital evidence and then vanished, leaving financial institutions scrambling to piece together what had happened.

This was more than just a high-tech bank job. The Department of Justice alleges that money stolen from these attacks helped fund TdA’s broader criminal and terrorist activities. The gang, which started in Venezuelan prisons, has grown into a transnational syndicate with tentacles reaching far beyond South America. In December, the U.S. Treasury officially labeled TdA a Foreign Terrorist Organization - a rare move underscoring the seriousness of the threat.

The investigation is sprawling. In addition to the 31 freshly indicted suspects, previous cases have charged 56 others. If convicted, some could face sentences of up to 335 years. Meanwhile, authorities continue to pursue fugitives and dismantle the network’s financial infrastructure. The message is clear: sophisticated cybercrime is no longer confined to shadowy corners of the internet - it’s emptying ATMs in broad daylight, and the stakes couldn’t be higher.

Looking Forward

As U.S. prosecutors tighten the net around Tren de Aragua’s operatives, the case serves as a stark warning for banks, law enforcement, and anyone who relies on the humble ATM. In the digital age, the line between street crime and cyber warfare is thinner than ever - and the jackpot is only getting bigger.

WIKICROOK

  • ATM Jackpotting: ATM jackpotting is a cyberattack where criminals force ATMs to dispense cash illegally by exploiting software or hardware vulnerabilities.
  • Ploutus Malware: Ploutus Malware is malicious software used by criminals to control ATMs remotely, bypassing security measures to steal cash directly from machines.
  • Foreign Terrorist Organization (FTO): A Foreign Terrorist Organization (FTO) is a group designated by the U.S. as terrorist, facing strict legal restrictions and penalties.
  • Money Laundering: Money laundering hides the illegal origins of funds by making them appear legitimate, often using businesses or casinos to disguise the source.
  • Grand Jury Indictment: A grand jury indictment is a formal charge issued after evidence review, allowing prosecution of alleged cybercrimes such as hacking or data breaches.

TRUSTBREAKER, Zero-Trust Validation Specialist