Criminals are increasingly using ATM jackpotting malware to steal cash, with the FBI reporting more than 1,900 incidents since 2020 and over 700 in 2025 that involved more than $20 million in losses. The Ploutus family of malware issues its own commands to XFS, bypassing bank authorization, and lets attackers directly control ATMs, often after gaining physical access with generic keys. This enables rapid, hard-to-detect cash withdrawals across multiple vendors. #Ploutus #DieboldNixdorf
Key points
- The FBI has tracked over 1,900 ATM jackpotting incidents since 2020 and over 700 in 2025, with more than $20 million in losses.
- Ploutus malware can issue commands to XFS to bypass bank authorization and force ATMs to dispense cash.
- Attackers commonly gain physical access using generic keys to remove or replace ATM hard drives and install malware.
- The malware interacts directly with ATM hardware and can be adapted across different manufacturers by exploiting Windows.
- Federal indictments tied a ring using Ploutus to at least $5.4 million stolen from credit union ATMs, underscoring long-standing warnings about this family of malware.
Read More: https://therecord.media/fbi-atm-jackpotting-2025-report