FBI warns ATM ‘jackpotting’ attacks surge; hackers steal $20m in 2025

ATM “jackpotting” attacks are escalating across the United States and beyond, with cybercriminals netting at least $20 million in stolen cash this year alone, according to a new security bulletin from the Federal Bureau of Investigation (FBI).

The alert notes that more than 700 attacks on cash machines have been recorded in 2025, marking a sharp increase in incidents targeting automated teller machines. Once viewed as a dramatic but largely theoretical security stunt—famously demonstrated by researcher Barnaby Jack at the 2010 Black Hat conference—jackpotting has evolved into a lucrative criminal enterprise.

In its bulletin, the FBI said attackers are combining physical intrusion with sophisticated malware to compromise ATMs. Criminals have reportedly used generic keys to open ATM cabinets, granting access to internal hard drives and system components. Once inside, they deploy malicious software capable of forcing machines to rapidly dispense cash on command.

One strain of malware highlighted in the warning is Ploutus, which targets ATMs running on the Windows operating system—the backbone of many cash dispensers globally. According to the FBI, Ploutus enables attackers to seize full control of an infected machine, allowing them to issue commands that trigger unauthorized cash disbursements without impacting individual customer accounts.

READ ALSO: North Korean hackers behind bulk of $2.7bn crypto theft in 2025, data reveal

The malware exploits vulnerabilities in Extensions for Financial Services (XFS) software—a middleware layer that allows ATMs to communicate with critical hardware components such as card readers, PIN pads, and cash dispensing units. By manipulating this interface, attackers can effectively instruct the machine to release funds directly from its vault.

“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” the FBI stated in the bulletin.

Security researchers have previously flagged weaknesses in XFS implementations, warning that inadequate hardening and patch management can expose machines to exploitation.

The surge in jackpotting attacks reflects a broader trend in cybercrime, where financially motivated actors are targeting critical financial infrastructure rather than individual consumers—shifting the battlefield from phishing inboxes to the hardware that underpins everyday banking.

The post FBI warns ATM ‘jackpotting’ attacks surge; hackers steal $20m in 2025 appeared first on Latest Nigeria News | Top Stories from Ripples Nigeria.