Get 125% / $2,500 on 1st deposit!
New players only. Exclusive Welcome Bonus of up to $2,500
Cybersecurity authorities are reporting an increase in coordinated attacks against automated teller machines, where criminals manipulate devices to release cash illegally. Recent findings highlight a sharp escalation in activity during 2025.
Good to Know
ATM jackpotting first drew public attention in 2010 when security researcher Barnaby Jack demonstrated a live exploit at the Black Hat conference, forcing a machine to eject cash onstage. What once served as a proof of concept has since evolved into an organized criminal method targeting financial infrastructure worldwide.
A new FBI security bulletin states that attackers now combine physical access with software based intrusion techniques. Individuals may use generic master keys to open ATM panels, connect external devices to internal hardware, and install malicious programs designed to override normal transaction controls.
One of the primary tools identified is Ploutus malware, which targets machines running Windows based operating environments commonly used by ATM manufacturers. Once installed, Ploutus allows operators to send commands that trigger rapid cash disbursement without interacting with customer bank accounts.
Attack method focuses on the machine itself rather than account data, allowing criminals to bypass traditional fraud detection systems tied to card usage or transaction monitoring.
Ploutus exploits XFS, known as Extensions for Financial Services, a software layer that enables communication between ATM components such as the PIN keypad, card reader, and cash dispenser. By manipulating that interface, attackers can instruct the dispenser to release banknotes on command.
Federal investigators noted that such attacks can be completed within minutes, often before institutions detect abnormal activity.
“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” according to the FBI bulletin.
Security specialists now warn that financial institutions must strengthen both physical safeguards and endpoint protection to counter threats that blend on site intrusion with targeted malware deployment.
A form of attack where criminals force a machine to dispense cash by manipulating hardware or installing malware rather than stealing from accounts.
FBI data recorded more than 700 incidents, resulting in at least 20 million dollars in losses.
A program that takes control of ATM operations by exploiting Windows systems and XFS communication software.
No. Method focuses on the ATM device itself, allowing cash withdrawal without accessing personal account information.
Operations occur quickly and bypass many traditional fraud monitoring tools tied to digital transactions.