US to deport Venezuelans who emptied bank ATMs using malware

News

Featured
Latest

Curl ending bug bounty program after flood of AI slop reports

INC ransomware opsec fail allowed data recovery for 12 US orgs

Cisco fixes Unified Communications RCE zero day exploited in attacks

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive

US to deport Venezuelans who emptied bank ATMs using malware

Hackers exploit critical telnetd auth bypass flaw to get root

What an AI-Written Honeypot Taught Us About Trusting Machines

Microsoft: Outlook for iOS crashes, freezes due to coding error

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityUS to deport Venezuelans who emptied bank ATMs using malware

US to deport Venezuelans who emptied bank ATMs using malware

By Sergiu Gatlan

January 23, 2026
11:38 AM
0

South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences.
34-year-old Luz Granados and 40-year-old Johan Gonzalez-Jimenez have previously pleaded guilty to conspiracy and computer crimes for emptying older ATM models throughout the southeastern United States.
The pair connected laptops to targeted Automated Teller Machines (ATMs) and installed malware that bypassed security protocols, forcing the machines to dispense all available cash.

All the stolen funds came directly from the banks rather than individual customer accounts, hitting institutions in South Carolina, Georgia, North Carolina, and Virginia.
"The defendants would approach an ATM at nighttime and remove the outer casing of the machine and then connect a laptop computer to install malware which overcame the ATM's security protocols," the Justice Department said. "Once installed, the ATMs dispersed cash to the perpetrators until the ATM's funds are exhausted."
U.S. District Judge Mary Geiger Lewis sentenced Gonzalez-Jimenez to 18 months in federal prison and ordered him to pay $285,100 in restitution before deportation. Granados remains in custody awaiting deportation after being sentenced to time served and ordered to pay $126,340 in restitution.
The District of South Carolina shared evidence obtained during the investigation with Nebraska authorities, which led to a federal grand jury in Nebraska indicting 54 individuals in a related ATM jackpotting conspiracy that allegedly led to the theft of millions from ATMs across the United States.
The Nebraska indictments also target Jimena Romina Araya Navarro, an entertainer and one of the alleged leaders of the Tren de Aragua Venezuelan gang, who was sanctioned by the Department of the Treasury's Office of Foreign Assets Control in December.
Prosecutors said the defendants deployed a Ploutus malware variant by removing the ATM's hard drive and installing it directly, using external devices like thumb drives, or replacing the ATM's hard drive with one that was already infected. Once deployed, the malware forced unauthorized cash withdrawals and deleted evidence to conceal the attacks from bank employees.
Last month, the Justice Department also announced five other Venezuelan nationals are also facing "immediate deportation" after being sentenced or pleading guilty for their involvement in ATM jackpotting thefts across multiple U.S. states.

The 2026 CISO Budget Benchmark
It's budget season! Over 300 CISOs and security leaders have shared how they're planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.
Download Now

Related Articles:
VoidLink cloud malware shows clear signs of being AI-generatedNew PDFSider Windows malware deployed on Fortune 100 firm's networkFake ad blocker extension crashes the browser for ClickFix attacksStealC hackers hacked as researchers hijack malware control panelsMonroe University says 2024 data breach affects 320,000 people

ATM
Bank
Jackpotting
Malware
USA
Venezuela

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

Fortinet admins report patched FortiGate firewalls getting hacked

Hackers breach Fortinet FortiGate devices, steal firewall configs

Zendesk ticket systems hijacked in massive global spam wave

Sponsor Posts

Exposure Management Index: Insights From 3,000+ Teams. Get The Report.

Overdue a password health-check? Audit your Active Directory for free

Identity Governance & Threat Detection in one: Get a guided tour of our platform

Discover how phishing kits are sold and deployed. Download the full research report.

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

This document details a criminal case involving two Venezuelan nationals, Luz Granados and Johan Gonzalez-Jimenez, and a broader conspiracy targeting U.S. banks through ATM jackpotting schemes in 2026. The operation, orchestrated by figures associated with the Tren de Aragua gang, involved the deployment of a Ploutus malware variant to drain funds from ATMs across South Carolina, Georgia, North Carolina, and Virginia.

The core tactic utilized by the perpetrators, coordinated by individuals like Jimena Romina Araya Navarro, centered on physically accessing ATMs, removing the outer casings, and installing infected laptops capable of executing the malware. This malware bypassed ATM security protocols, forcing the machines to dispense all available cash. The attackers employed various methods to install the malware, including direct hard drive replacement and the use of thumb drives, often accompanied by the deletion of evidence to conceal their activities from bank personnel.

Prosecutors successfully built a case, partly through evidence shared with Nebraska authorities, leading to the indictment of 54 individuals in a related scheme spanning multiple states and targeting millions in ATM withdrawals. Authorities also swiftly initiated deportation proceedings against Granados and Gonzalez-Jimenez, alongside five other Venezuelan nationals convicted or pleading guilty to similar crimes.

The investigation highlighted the sophisticated nature of cybercrime, particularly the use of malware like Ploutus in targeted attacks against financial institutions. The case underscored the importance of constant monitoring and proactive security measures to mitigate threats posed by organized criminal groups, such as the Tren de Aragua, who are exploiting vulnerabilities in ATM systems for financial gain. The successful prosecution of these individuals represented a significant effort by U.S. law enforcement to combat this emerging form of fraud. The investigation also triggered a broader awareness of the risks associated with ATM security and prompted calls for increased vigilance from the financial sector.