New malware hacks ATMs to spit out free cash

Details of a major cybercrime campaign that used so-called jackpotting attacks have been uncovered thanks to a joint investigation conducted by Motherboard and the German broadcaster Bayerischer Rundfunk (BR).

Jackpotting is a technique in which cybercriminals use either malware or a piece of hardware to trick an ATM into ejecting all of the cash it contains. A stolen credit card isn't required to launch a jackpotting attack and those behind these attacks usually install the malware onto an ATM by opening a panel on the machine to gain access to a USB port.

Motherboard and BR's investigation revealed that while jackpotting attacks have decreased in Europe during the first half of this year, multiple sources have said that the number of attacks in other parts of the world has increased.

The US, Latin America and Southeast Asia have all faced jackpotting attacks recently and banks as well as ATM manufacturers have been impacted across the financial industry.


Back in 2010 at the annual Black Hat cybersecurity conference, the late researcher Barnaby Jack showed off his own strain of ATM malware live on stage. Once the malware was successfully deployed to the ATM, the word “JACKPOT” was displayed on its screen as the device spit out bank notes.

When it comes to the jackpotting attacks which occurred in Germany during 2017, prosecuting attorney Christoph Hebbecker revealed to the joint investigation that 10 incidents took place between February and November in which attackers were able to steal 1.4m Euro. However, now jackpotting has made a comeback as cybercriminals look to illegally earn funds in the real world.

One of the main issues with ATM security is that many ATMs are essentially aging Windows computers that are old and slow. ATM manufacturers have made security improvements to their devices over the years, but unfortunately that doesn't necessarily mean that all ATMs across the industry are up to the same standard.

Executive director of the ATM Industry Association in the US, Canada and Americas, David N Tente explained to Vice how banks can better protect their ATMs from jackpotting attacks, saying:

"In order to execute a jackpotting attack, you have to have access to the internal components of the ATM. So, preventing that first physical attack on the ATM goes a long way toward preventing the jackpotting attack."

In the world of cybersecurity, attack methods that fall out of favor with cybercriminals are often revived later on and that certainly seems to be the case with the recent wave of jackpotting attacks.

Via Vice

Anthony Spadafora
