FBI warns ATM "jackpotting" attacks are soaring - here's what you need to know


  • FBI reports $20m stolen via ATM jackpotting in the US in recent years
  • Criminals use Ploutus malware and generic keys to bypass ATM authorization
  • 1,900 cases since 2020, with 700 incidents in 2025 alone

The FBI has warned that ATM jackpotting, in which criminals physically break into an ATM to install malware and make it dispense cash, is on the rise across the US.

The bureau claims criminals have been able to steal more than $20 million this way, noting they are able to open the ATM face by using “widely available generic keys”.

Once the ATM is open, the criminals remove its hard drive and do one of two things: either infect it with malware and reinstall it, or replace it with a different hard drive that comes preloaded with malware.

Rising trend

In both cases, the criminals use the Ploutus malware variant, which exploits eXtensions for Financial Services (XFS), an open-standard API that ATMs, PoS terminals, and other similar devices typically use. The malware allows the attackers to issue their own commands to XFS, bypassing authorization and withdrawing money from the ATMs.

“When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization,” the FBI explained.

“If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand. As a result, Ploutus allows threat actors to force an ATM to dispense cash without using a bank card, customer account, or bank authorization.”
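The gap the FBI describes, cash leaving the dispenser with no bank authorization behind it, can be checked for by reconciling ATM-side dispense records against host approvals. The following is an added example, not part of the FBI advisory or the original article; the log format, event names, and time windows are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

AUTH_WINDOW = timedelta(seconds=60)   # assumed max gap between approval and dispense
TAMPER_WINDOW = timedelta(hours=1)    # assumed look-back for a cabinet-open event

# Constructed sample journal (hypothetical format): timestamp, ATM id, event, fields
SAMPLE_LOG = """\
2025-03-01T10:00:05 ATM-17 AUTH_APPROVED amount=200
2025-03-01T10:00:09 ATM-17 DISPENSE amount=200
2025-03-02T02:11:30 ATM-17 CABINET_OPEN
2025-03-02T02:19:02 ATM-17 OS_BOOT
2025-03-02T02:24:41 ATM-17 DISPENSE amount=2000
2025-03-02T02:25:10 ATM-17 DISPENSE amount=2000
2025-03-02T09:30:00 ATM-22 AUTH_APPROVED amount=100
2025-03-02T09:30:04 ATM-22 DISPENSE amount=150
"""

def parse(line):
    ts, atm, event, *rest = line.split()
    return datetime.fromisoformat(ts), atm, event, dict(kv.split("=", 1) for kv in rest)

def find_unauthorized_dispenses(log_text):
    """Return an alert for every dispense with no matching bank approval."""
    approvals, last_open, alerts = {}, {}, []
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    for ts, atm, event, fields in events:
        if event == "AUTH_APPROVED":
            approvals.setdefault(atm, []).append((ts, int(fields["amount"])))
        elif event == "CABINET_OPEN":
            last_open[atm] = ts
        elif event == "DISPENSE":
            amount = int(fields["amount"])
            pending = approvals.get(atm, [])
            match = next((a for a in pending
                          if a[1] == amount and ts - a[0] <= AUTH_WINDOW), None)
            if match:
                pending.remove(match)  # one approval covers exactly one dispense
                continue
            opened = last_open.get(atm)
            tampered = opened is not None and ts - opened <= TAMPER_WINDOW
            alerts.append({"time": ts.isoformat(), "atm": atm, "amount": amount,
                           "severity": "critical" if tampered else "high"})
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized_dispenses(SAMPLE_LOG):
        print(alert)
```

A dispense that follows a recent cabinet-open event is rated critical because it matches the physical-access sequence described above; an amount mismatch with no tamper event is still flagged, at lower severity.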

ATM jackpotting was first spotted in 2020, and since then around 1,900 such instances have been reported. In 2025, there were 700 reported cases, translating to roughly 37% of all incidents.

It is also worth mentioning that in these attacks, the victims are the banks themselves rather than their customers. Since the attackers don’t have people’s cards, PIN codes, or bank account numbers, customers’ funds remain intact.

Via The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
