FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millions in stolen cash
Summary
ATM jackpotting has evolved from a security demo to a widespread criminal operation. The FBI reports over 700 attacks in 2025, netting $20M, often using malware like Ploutus to force ATMs to dispense cash.
ATM jackpotting is now a major criminal enterprise
Hackers stole at least $20 million in 2025 through more than 700 attacks forcing ATMs to rapidly dispense cash, according to a new FBI security bulletin. This marks a shift from a theoretical conference demonstration over a decade ago to a widespread criminal operation.
The FBI warns that criminals are using a combination of physical and digital tools. They gain physical access using generic keys to open ATM panels and then deploy malware to take control of the machines.
Ploutus malware gives hackers full ATM control
A primary tool is malware called Ploutus, which targets the Windows operating system running on many ATMs. Once installed, it gives attackers complete command, allowing them to order the machine to dispense cash without debiting any customer bank accounts.
The malware exploits a standard software layer called Extensions for Financial Services (XFS). This layer is crucial because it allows the ATM's core system to communicate with its hardware components, like the card reader and cash dispenser.
By attacking the ATM's own software rather than a bank's network, these "jackpotting" attacks are fast and hard to detect. The cash-out can happen in minutes, often before anyone notices the breach.
The evolution from research stunt to real threat
The public demonstration of this threat dates back to 2010. At the Black Hat security conference, researcher Barnaby Jack famously hacked an ATM on stage, making it spew cash.
Today, the technique has been fully weaponized. The FBI bulletin highlights the scale and financial impact, confirming it as a persistent and costly threat to financial infrastructure.
Security researchers have long warned about vulnerabilities in the XFS standard that could enable such attacks. The FBI's report confirms these weaknesses are now being actively exploited in the wild.
- Primary Malware: Ploutus
- Target: ATM Windows OS & XFS software layer
- 2025 Attacks: Over 700 incidents
- 2025 Losses: At least $20 million
- Method: Physical access combined with malicious software
