• $20 million lost in ‘jackpotting’ ATM malware attacks in 2025, FBI reports - scheme forces machines to spit out cash, targets banks and ATM operators This malware essentially takes over ATMs, allowing attackers to steal freely from them. • Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox. • You are now subscribed Your newsletter sign-up was successful The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert warning the public of the increasing malware attacks on ATMs. • According to the FBI FLASH document (PDF), threat actors are breaking into these machines using generic keys to open their maintenance cabinets. • They remove the storage drive, load malware onto it-or replace it with a compromised one-and then reboot the machine to load the payload. • Ploutus is one malware used in these types of attacks, in which it exploits the eXtensions for Financial Services (XFS) software.
Article Summaries:
- The FBI has warned that “jackpotting” malware attacks on ATMs have cost banks and ATM operators more than $20 million in 2025 alone. The FBI’s alert explains that threat actors gain physical access to machines, replace or load malware onto the storage drive, and then reboot the ATM to run the payload. The Ploutus malware exploits the XFS interface to override transaction authorisation, allowing attackers to dispense cash without a card or account. Since 2020, 1,900 attacks have been reported, with over 700 occurring in 2025. The attacks target the Windows OS used in most ATMs, regardless of brand, and the FBI recommends monitoring for unauthorized files, disabling USB ports, and upgrading security measures.
Sources: