The FBI is warning of a surge in ATM jackpotting attacks, with over 700 incidents last year resulting in more than $20 million in losses.
Jackpotting – where crooks infect ATMs with malware to force the machines to dispense cash – has been a criminal tactic for years but the FBI has issued a Flash alert in the wake of an uptick in attacks – of 1900 incidents reported since 2020, 700 happened in 2025.
The bureau says many attacks are using the Ploutus family of malware, which exploits the eXtensions for Financial Services (XFS), the layer of software that instructs an ATM what to physically do. When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorisation.
If a crook can issue their own commands to XFS, they can bypass bank authorisation entirely and instruct the ATM to dispense cash on demand – without using a bank card or customer account. Because Ploutus attacks the ATM itself, it enables fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn.
Gangs usually infect ATMs by simply removing ATM hard drives and copying the malware or replacing the hard drives with ones preloaded with the virus.
The FBI is urging ATM operators to step up their physical and hardware security, and to carry out firmware checks and disk encryption to help guard against attacks.

