Cybercriminals have escalated attacks on cash machines throughout 2025, successfully stealing at least $20 million across more than 700 incidents, according to a new security bulletin issued by the FBI. The federal agency warns that "jackpotting"—a technique once relegated to theoretical security research—has evolved into a lucrative criminal enterprise.
The report details how attackers are bypassing security measures through a combination of physical tampering and digital exploitation. Hackers are reportedly using generic keys to unlock ATM front panels, granting them direct access to internal hard drives. Once physical access is achieved, they plant malware designed to force the dispenser to eject currency without authorizing a withdrawal from a customer's account.
A specific malware strain identified as Ploutus has been cited as a primary tool in these operations. This malicious software targets the Windows operating systems that power many ATMs, exploiting the Extensions for Financial Services (XFS) middleware. By hijacking the communication protocol between the machine's software and hardware components—such as the card reader and cash dispenser—attackers can issue commands to dump cash in a matter of minutes.
The phenomenon marks a significant shift from the demonstration conducted by the late security researcher Barnaby Jack in 2010, proving that theoretical vulnerabilities now pose a severe financial threat. Because these attacks target the ATM hardware directly rather than individual bank accounts, they often remain undetected until the cash reserves are fully depleted.
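Because a jackpotted machine ejects currency with no withdrawal authorized against any account, one detection approach is to reconcile dispense events against host-side authorizations. The sketch below is an added example, not taken from the FBI bulletin. The record layout, ATM identifiers and 60-second window are constructed assumptions, and it assumes dispense counts are collected off the ATM itself.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the bulletin): host-side authorizations
# and device-side dispense events as (ISO timestamp, atm_id, amount_usd).
AUTHORIZATIONS = [
    ("2025-03-01T02:10:05", "ATM-017", 200),
    ("2025-03-01T02:14:40", "ATM-017", 60),
    ("2025-03-01T02:15:00", "ATM-022", 100),
]
DISPENSES = [
    ("2025-03-01T02:10:12", "ATM-017", 200),  # covered by first authorization
    ("2025-03-01T02:10:30", "ATM-017", 200),  # reuses an already-consumed authorization
    ("2025-03-01T02:14:49", "ATM-017", 60),   # covered by second authorization
    ("2025-03-01T02:15:08", "ATM-022", 100),  # covered by third authorization
    ("2025-03-01T03:31:02", "ATM-017", 800),  # no authorization at all
    ("2025-03-01T03:31:20", "ATM-017", 800),  # no authorization at all
]

def _parse(rows):
    """Convert rows to (datetime, atm_id, amount) tuples in time order."""
    return sorted((datetime.fromisoformat(t), atm, amt) for t, atm, amt in rows)

def unauthorized_dispenses(dispenses, authorizations, window_s=60):
    """Return dispense events that have no unused matching authorization.

    A dispense matches an authorization for the same ATM and amount issued
    at most window_s seconds earlier; each authorization covers one dispense.
    """
    window = timedelta(seconds=window_s)
    pending = _parse(authorizations)
    flagged = []
    for ts, atm, amt in _parse(dispenses):
        match = next((p for p in pending if p[1] == atm and p[2] == amt
                      and timedelta(0) <= ts - p[0] <= window), None)
        if match:
            pending.remove(match)  # consume it so it cannot cover a second dispense
        else:
            flagged.append((ts.isoformat(), atm, amt))
    return flagged

def exposure_by_atm(flagged):
    """Sum the unauthorized amount per ATM to prioritize alerts."""
    totals = {}
    for _, atm, amt in flagged:
        totals[atm] = totals.get(atm, 0) + amt
    return totals

if __name__ == "__main__":
    hits = unauthorized_dispenses(DISPENSES, AUTHORIZATIONS)
    print(hits, exposure_by_atm(hits))
```

Running the reconciliation continuously rather than at end of day is what lets an alert fire before the cassettes are empty.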
