TechRadar
Sead Fadilpašić

FBI warns ATM "jackpotting" attacks are soaring - here's what you need to know


  • FBI reports $20m stolen via ATM jackpotting in the US in recent years
  • Criminals use Ploutus malware and generic keys to bypass ATM authorization
  • 1,900 cases since 2020, with 700 incidents in 2025 alone

The FBI has warned that ATM jackpotting, in which criminals physically break into an ATM to install malware and make it dispense cash, is on the rise across the US.

The bureau claims criminals have been able to steal more than $20 million this way, noting they are able to open the ATM face by using “widely available generic keys”.

Once the ATM is open, the criminals remove its hard drive and do one of two things: either infect it with malware and reinstall it, or replace it with a different hard drive that comes preloaded with malware.

Rising trend

In both cases, the criminals use the Ploutus malware variant, which exploits eXtensions for Financial Services (XFS), an open-standard API typically used by ATMs, PoS terminals, and other similar devices. The malware allows the attackers to issue their own commands to XFS, bypassing authorization and withdrawing money from the ATMs.

“When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization,” the FBI explained.

“If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand. As a result, Ploutus allows threat actors to force an ATM to dispense cash without using a bank card, customer account, or bank authorization.”
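Because a payout forced this way reaches the dispenser without any bank authorization, one defensive check is to reconcile dispenser activity against host approvals. The Python below is an added example, not code from the FBI or TechRadar; the event format, the `HOST_AUTH` and `DISPENSE` labels, the 60-second window and the sample data are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (hypothetical format, not from any real ATM):
# (epoch_seconds, atm_id, kind, amount)
# "HOST_AUTH" = bank host approved a withdrawal; "DISPENSE" = dispenser paid out.
SAMPLE_EVENTS = [
    (1000, "ATM-A", "HOST_AUTH", 200),
    (1004, "ATM-A", "DISPENSE", 200),    # normal: approved, then dispensed
    (1300, "ATM-A", "DISPENSE", 2000),   # no authorization at all
    (1310, "ATM-A", "DISPENSE", 2000),   # no authorization at all
    (2000, "ATM-B", "HOST_AUTH", 100),
    (2005, "ATM-B", "DISPENSE", 100),
    (2010, "ATM-B", "DISPENSE", 100),    # second payout on a used authorization
    (3000, "ATM-B", "HOST_AUTH", 60),
    (3200, "ATM-B", "DISPENSE", 60),     # authorization is too old
]

def unauthorized_dispenses(events, window_s=60):
    """Return DISPENSE events that have no unused HOST_AUTH for the same ATM
    and amount within the preceding window_s seconds.
    Each authorization covers exactly one dispense."""
    pending = defaultdict(list)  # (atm_id, amount) -> unused authorization times
    flagged = []
    # Sort by time; on a tie, process the authorization before the dispense.
    for ts, atm, kind, amount in sorted(
            events, key=lambda e: (e[0], e[2] != "HOST_AUTH")):
        key = (atm, amount)
        if kind == "HOST_AUTH":
            pending[key].append(ts)
        elif kind == "DISPENSE":
            # Discard authorizations that expired before this dispense.
            pending[key] = [t for t in pending[key] if ts - t <= window_s]
            if pending[key]:
                pending[key].pop(0)      # consume the oldest valid authorization
            else:
                flagged.append((ts, atm, amount))
    return flagged

def loss_per_atm(flagged):
    """Sum the unauthorized cash dispensed by each ATM."""
    totals = defaultdict(int)
    for _, atm, amount in flagged:
        totals[atm] += amount
    return dict(totals)

if __name__ == "__main__":
    hits = unauthorized_dispenses(SAMPLE_EVENTS)
    for ts, atm, amount in hits:
        print(f"ALERT {atm} t={ts}: dispensed {amount} with no matching authorization")
    print(loss_per_atm(hits))
```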

ATM jackpotting was first spotted in 2020, and since then around 1,900 such instances have been reported. In 2025, there were 700 reported cases, translating to roughly 37% of all incidents.

It is also worth mentioning that in these attacks, the victims are the banks themselves rather than their customers. Since the attackers don’t have people’s cards, PIN codes, or bank account numbers, customers’ funds remain intact.

Via The Register

