This story was originally posted on MyNorthwest.com
A federal grand jury returned additional indictments charging 31 individuals for a large conspiracy to steal millions of dollars from ATMs across the U.S., with a majority of the defendants being affiliated with Tren de Aragua.
The total number of defendants charged in the case has now reached 87 Venezuelan and Colombian nationals, alleging numerous counts of bank fraud and burglary, among others, the U.S. Department of Justice (DOJ) announced.
“Tren de Aragua is a complex terrorist organization that commits serious financial crimes in addition to horrific rapes, murders, and drug trafficking,” Attorney General Pamela Bondi said. “This Department of Justice has already prosecuted more than 290 members of Tren de Aragua and will continue working tirelessly to put these vicious terrorists behind bars after the prior administration let them infiltrate our country.”
Tren de Aragua’s malware scheme targeted banks nationwide
The scheme involved deploying a variant of malware known as Ploutus, which the defendants used to hack into ATMs, forcing them to produce cash. Several individuals were recruited to deploy the malware device on systems nationwide.
Members of the conspiracy would travel in groups to various bank and credit union locations that were targets of the scheme. The groups would conduct initial reconnaissance and take note of external security features surrounding the ATMs.
The groups would then open the hood or door of the ATM and wait nearby to see if any alarms had triggered or if a law enforcement agency was responding.
If clear, the groups would install the malware device by removing the ATM’s hard drive and installing the malware directly with a new hard drive that contained the Ploutus malware. An external device, such as a thumb drive, would also be used to deploy the malware program.
The primary purpose of Ploutus was to issue unauthorized commands to the ATM’s cash dispensing module, forcing withdrawals. The malware was also designed to delete evidence of the malware in an effort to conceal and deceive bank employees from learning about the software.
Members of the conspiracy would then split all proceeds into predetermined portions that were stolen in the scheme.
“Tren de Aragua uses ATM jackpotting crimes committed all across America to fund its terrorist organization, which is responsible for horrific crimes such as human trafficking, kidnapping, murder, and other unspeakably evil and violent acts,” said U.S. Attorney Lesley A. Woods for the District of Nebraska. “The U.S. Attorney’s Office for the District of Nebraska will fight TdA directly by taking every action at our disposal to shut down their financial pipeline and handicap their ability to terrorize American communities.”
Over the past six months, the DOJ has charged 87 members and leaders of Tren de Aragua with several federal offenses. The charges included material supporting a designated foreign terrorist organization, bank burglary, money laundering, damage and unauthorized access to protected computers, bank fraud, and conspiracy to commit the same offenses.
A total of 75 law enforcement agencies across the United States worked together in the months-long investigation to bring the 87 defendants to justice.
If convicted, each defendant would face between 20 and 335 years of imprisonment.
History of Tren de Aragua’s crimes in the U.S.
Tren de Aragua is a violent transnational criminal organization that began as a prison gang in the mid-2000s in Venezuela, according to court documents. Since then, Tren de Aragua has expanded its criminal network throughout the western hemisphere and throughout the U.S.
Tren de Aragua’s criminal activities can range from drug and firearms trafficking to commercial sex trafficking, kidnapping, robbery, theft, fraud, and extortion. DOJ noted many Tren de Aragua members have committed murder, assault, and other violent crimes as part of the organization’s criminal activities.
The organization has also developed a revenue stream through financial crimes by targeting financial institutions, such as the Ploutus malware scheme, which stole millions of dollars.
Follow Jason Sutich on X. Send news tips here.
©2026 Cox Media Group
