• FBI warns ATM "jackpotting" attacks are soaring

    From Mike Powell@1:2320/105 to All on Sat Feb 21 13:01:47 2026
    FBI warns ATM "jackpotting" attacks are soaring - here's what you need to know

    By Sead Fadilpašić published yesterday

    Physically breaking into an ATM is getting more popular, FBI says

    FBI reports $20m stolen via ATM jackpotting in the US in recent years
    Criminals use Ploutus malware and generic keys to bypass ATM authorization
    1,900 cases since 2020, with 700 incidents in 2025 alone

    The FBI has warned that ATM jackpotting, physically breaking into an ATM to install malware and get it to spill the money, is on the rise across the US. The bureau claims criminals have been able to steal more than $20 million this way, noting they are able to open the ATM face by using "widely available generic keys".

    Once the ATM is opened, the criminals remove its hard drive and do one of two things: either infect it with malware and reinstall it, or replace it with a different hard drive that comes preloaded with malware.

    Rising trend

    In both cases, the criminals would use the Ploutus malware variant, which exploits eXtensions for Financial Services (XFS), an open-standard API that ATMs, PoS terminals, and other similar devices typically use. The malware allows the attackers to issue their own commands to XFS, bypassing authorizations and withdrawing money from the ATMs.

    "When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization," the FBI explained.

    "If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand. As a result, Ploutus allows threat actors to force an ATM to dispense cash without using a bank card, customer account, or bank authorization."

    ATM jacking was first spotted in 2020 and since then, around 1,900 such instances have been reported. In 2025, there were 700 reported cases, translating to roughly 37% of all incidents.

    It is also worth mentioning that in these attacks, the victims are not bank customers but the banks themselves. Since the attackers don't have people's cards, PIN codes, or bank account numbers, customers' funds remain intact.

    Via The Register


    https://www.techradar.com/pro/security/fbi-warns-atm-jackpotting-attacks-are-soaring-heres-what-you-need-to-know

    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)