Metabase Q discovers a new variant of malware targeting Latin American banks

By Pavithra R

Metabase Q, an analytics-driven cybersecurity company securing Latin American organizations from cyber attacks, has announced its security research division, Ocelot, has discovered a new variant of Ploutus, one of the most sophisticated ATM malware families globally.

Ploutus was discovered for the first time in 2013. It enables criminals to empty ATMs by taking advantage of ATM middleware vulnerabilities via an externally connected device. Since its first discovery, Ploutus has evolved to target various XFS middleware types, focusing on banks across Mexico and Latin America. The new variant, dubbed Ploutus-I, builds upon capabilities of prior strains and is tailored to control ATMs from the Brazilian vendor Itautec. 

Itautec has been connected to other major ATM players over the years. In 2013, the Japanese manufacturer OKI, partnered with Itautec to enter the Brazilian market; subsequently, NCR acquired OKI’s IT services and selected software in Brazil in 2019.

Ploutus-I has always been written in .NET Framework as a method of further obfuscation to avoid signature-based detection and to make the reverse engineering task very challenging.

“Cybercrime is global, but company defenses remain regionally focused. Our goal at Metabase Q is to transform the state of cybersecurity in Latin America from a technological, educational and regulatory perspective. This discovery by Ocelot further demonstrates the state of cybercrime in our region and the caliber of our ATM-focused research team,” said Mauricio Benavides, CEO of Metabase Q.

Cybercriminals in LATAM have gotten significantly more sophisticated, and ATMs remain an insecure vector for many FIs, both from physical and logic-based attacks. This malware’s complexity highlights the evolution of cybercrime in LATAM and the increasing need for a change in companies’ defensive mindset.

Founded in 2017, Metabase Q is a cybersecurity managed services company focused on securing Latin American organizations from cyber attacks. The firm offers custom-designed cybersecurity solutions and services designed to optimally protect companies of various industries and sizes against cyber attacks.