The FBI has reported a significant rise in ATM jackpotting attacks across the United States, resulting in losses of over $20 million in 2025 alone. Since 2020, approximately 1,900 incidents have been recorded, with 700 occurring last year. According to the U.S. Department of Justice, total losses from jackpotting attacks since 2021 have reached about $40.73 million.
ATM jackpotting involves exploiting both physical and software vulnerabilities to dispense cash without a legitimate transaction. Cybercriminals often use malware, such as Ploutus, which interacts directly with ATM hardware and bypasses bank authorization systems. Attackers typically open the machine with generic keys, then deploy the malware either by removing the hard drive, copying the malicious software onto it, and reinstalling it, or by replacing the hard drive entirely with a preloaded one.
The malware does not require a connection to an actual bank card or account, allowing it to work across ATMs from multiple manufacturers with minimal changes. Ploutus, first identified in Mexico in 2013, leverages the eXtensions for Financial Services (XFS) layer of ATM software. This allows attackers to issue commands directly to the ATM hardware, bypassing authorization processes and triggering cash dispensing in minutes, often without detection until after the theft occurs.
The FBI has recommended multiple steps to mitigate jackpotting risks, including:
- Enhancing physical security with sensors and cameras
- Replacing standard ATM locks with secure alternatives
- Auditing ATM devices and changing default credentials
- Enabling automatic shutdown if compromise indicators are detected
- Enforcing device allowlisting to prevent unauthorized hardware connections
- Maintaining detailed logs for security monitoring
These measures are critical for financial institutions to reduce the risk of ATM jackpotting attacks and protect customer funds.
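Three of the FBI's recommendations (device allowlisting, detailed logging, and automatic shutdown on compromise indicators) can be combined into one detection rule: a dispense that has no matching host authorization, especially shortly after the cabinet is opened or an unknown USB device appears, is the signature of the malware-driven dispensing described above. The script below is an added illustration of that correlation and is not the FBI's tooling or any vendor's product; the log format, the field names, the `ALLOWED_DEVICES` identifiers and the sample events are all constructed for the example.

```python
"""Correlate constructed ATM event-log lines to flag jackpotting indicators.

Added example: the log format, field names and device ids are invented
for illustration and do not correspond to any real ATM vendor's logging.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical allowlist of vendor:product ids that may attach to the ATM
# (for example the bank's own service laptop). Anything else is suspicious.
ALLOWED_DEVICES = {"VID_0483:PID_5740"}

# Constructed sample log: a night-time cabinet open, an unknown USB device,
# two dispenses with no host transaction, then a normal daytime withdrawal.
SAMPLE_LOG = """
2025-03-01T02:10:05 CABINET door=open
2025-03-01T02:10:40 USB attach id=VID_1234:PID_0001
2025-03-01T02:12:00 DISPENSE txn=NONE amount=2000
2025-03-01T02:12:30 DISPENSE txn=NONE amount=2000
2025-03-01T09:00:00 HOST_AUTH txn=A1 amount=100
2025-03-01T09:00:02 DISPENSE txn=A1 amount=100
2025-03-01T10:00:00 USB attach id=VID_0483:PID_5740
"""


@dataclass
class Event:
    ts: datetime
    kind: str
    fields: dict


@dataclass
class Alert:
    ts: datetime
    severity: str          # "medium", "high" or "critical"
    amount: int            # cash involved, 0 for non-dispense alerts
    reasons: list = field(default_factory=list)


def parse_log(text: str) -> list:
    """Parse '<iso timestamp> <KIND> key=value ...' lines into Events."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        events.append(Event(ts, parts[1], fields))
    return events


def detect_jackpotting(events: list, window: timedelta = timedelta(minutes=15)) -> list:
    """Flag dispenses lacking host authorization; escalate when a physical
    indicator (cabinet open, non-allowlisted USB) occurred within `window`."""
    authorized = {}        # txn id -> authorized amount from the bank host
    physical = []          # (timestamp, description) of physical indicators
    alerts = []
    for ev in events:
        if ev.kind == "HOST_AUTH":
            authorized[ev.fields["txn"]] = int(ev.fields["amount"])
        elif ev.kind == "CABINET" and ev.fields.get("door") == "open":
            physical.append((ev.ts, "cabinet opened"))
        elif ev.kind == "USB":
            dev = ev.fields.get("id", "?")
            if dev not in ALLOWED_DEVICES:
                physical.append((ev.ts, f"non-allowlisted USB device {dev}"))
                alerts.append(Alert(ev.ts, "medium", 0, [f"non-allowlisted USB device {dev}"]))
        elif ev.kind == "DISPENSE":
            txn = ev.fields.get("txn")
            amount = int(ev.fields.get("amount", "0"))
            # A legitimate dispense always follows a host authorization
            # for the same transaction and amount; malware such as the one
            # described in the article drives the dispenser without one.
            if authorized.get(txn) != amount:
                reasons = ["dispense without matching host authorization"]
                recent = [desc for t, desc in physical if timedelta(0) <= ev.ts - t <= window]
                reasons.extend(recent)
                alerts.append(Alert(ev.ts, "critical" if recent else "high", amount, reasons))
    return alerts


def unauthorized_total(alerts: list) -> int:
    """Cash dispensed without host authorization, for the incident report."""
    return sum(a.amount for a in alerts if a.severity in ("high", "critical"))


def should_shutdown(alerts: list) -> bool:
    """Policy hook for the 'automatic shutdown' control: any critical alert."""
    return any(a.severity == "critical" for a in alerts)


if __name__ == "__main__":
    found = detect_jackpotting(parse_log(SAMPLE_LOG))
    for a in found:
        print(a.ts.isoformat(), a.severity, a.amount, "; ".join(a.reasons))
    print("unauthorized cash:", unauthorized_total(found), "shutdown:", should_shutdown(found))
```

On the sample data the two night-time dispenses are rated critical because they have no host authorization and follow both a cabinet-open event and an unknown USB device, while the daytime withdrawal matched to `txn=A1` raises nothing. In a real deployment the "critical" rating is what should drive the FBI's recommended automatic shutdown, and the medium-severity USB alert is the early warning that device allowlisting is meant to surface before any cash moves.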
The rise in ATM jackpotting attacks shows how cybercriminals are combining physical access with malware to bypass traditional banking security. Financial institutions should strengthen both physical and software defenses, including monitoring, device allowlisting, and automatic shutdowns, to prevent losses and protect customer funds.