FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millions in stolen cash
#ATM jackpotting #Ploutus malware #Cyberattacks #Cash dispensing #FBI security bulletin #XFS software #Windows vulnerabilities
📌 Key Takeaways
- Over 700 ATM jackpotting attacks occurred in 2025, netting criminals at least $20 million
- Hackers combine physical access methods with sophisticated malware like Ploutus
- Ploutus targets Windows operating systems and XFS software controlling ATMs
- Attacks enable fast cash-out operations that are difficult to detect until after money is withdrawn
📖 Full Retelling
The FBI has reported a significant increase in ATM 'jackpotting' attacks across the United States in 2025, with criminals employing both physical access methods and sophisticated malware to steal at least $20 million from cash dispensers. These attacks, which trick ATMs into spitting out cash on demand, have evolved from theoretical security research into a major criminal operation, with more than 700 incidents documented by federal authorities in the past year alone. The FBI's security bulletin reveals that hackers are using a combination of techniques, including generic keys to unlock ATM front panels and specialized malware that targets the underlying Windows operating systems powering many cash machines. The most concerning development is the proliferation of the Ploutus malware, which affects multiple ATM manufacturers and grants criminals full control over compromised machines, enabling them to issue commands that force rapid cash dispensing without deducting funds from customer accounts. Security experts note that Ploutus specifically targets the XFS (eXtensions for Financial Services) software that ATMs rely on to communicate with various hardware components, creating vulnerabilities that are difficult to detect until after the money has been withdrawn.
🏷️ Themes
Cybersecurity, Financial Crime, Technology Vulnerabilities
📚 Related People & Topics
Cyberattack
Attack on a computer system
A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content. The rising dependence on increasingly complex and interconnected computer systems in most domains of life is th...
Entity Intersection Graph
Connections for Cyberattack:
👤
The Interview
1 shared
🏢
Sony Pictures
1 shared
👤
Michael Lynton
1 shared
🌐
North Korea
1 shared
🏢
Microsoft
1 shared
Original Source
In 2010, the famed security researcher Barnaby Jack spectacularly hacked into an ATM cash machine on stage at the Black Hat security conference, forcing it to spit out reams of bank notes in front of an awestruck audience. More than a decade later, ATM jackpotting — as it’s called — has broken free from the realms of theoretical security research into big business in the criminal world. According to a new security bulletin issued by the FBI, hackers have rapidly ramped up their attacks in recent years, with more than 700 attacks on cash dispensers during 2025 alone, netting hackers at least $20 million in stolen cash. Per the bulletin , the FBI says hackers are using a mix of physical access to ATM machines, such as generic keys for unlocking front panels and accessing hard drives, and digital tools, like planting malware that can force ATMs to rapidly dispense cash in a flash. The FBI warned that one particular malware, known as Ploutus , affects a variety of ATM manufacturers and cash dispensers by targeting the underlying Windows operating system that powers many ATMs. Ploutus grants the hackers full control over a compromised ATM, allowing them to issue instructions capable of tricking the dispenser into disbursing notes without drawing funds from customer accounts. Ploutus takes advantage of extensions for financial services, or XFS software, which ATMs rely on to communicate with its various other hardware components, such as the PIN keypad, the card reader, and the all-important cash dispensing unit. “Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” per the FBI bulletin. Security researchers previously found issues with XFS software that can allow hackers to trick ATMs into dispensing cash. Updated the lede paragraph to amend date. Topics ATM , cash machine , cyberattacks , cybersecurity , jackpotting , Security Zack ...
Read full article at source