16.1 C
Delhi
Saturday, February 21, 2026

FBI warns of ATM Jackpotting incidents across America: What are they, how they work and how to detect one

The Federal Bureau of Investigation (FBI) has released a flash to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting. Threat actors exploit

physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction. The FBI has observed an increase in ATM jackpotting incidents across the United States. Out of 1,900 ATM jackpotting incidents reported since 2020, over 700 of them with more than $20 million in losses occurred in 2025 alone. This FLASH is being provided to encourage organizations to implement the recommended mitigation steps and to outline the information requested from the public.

Threat actors are deploying ATM jackpotting malware, including the Ploutus family malware, to infect ATMs and force them to dispense cash. Ploutus malware exploits the eXtensions for Financial Services (XFS), the layer of software that instructs an ATM what to physically do. When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization. If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand.

As a result, Ploutus allows threat actors to force an ATM to dispense cash without using a bank card, customer account, or bank authorization. Once Ploutus is installed on an ATM, it gives threat actors direct control over the machine, allowing them to trigger cash withdrawals. Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn.

Common methods of used to infect ATMs

After gaining access to ATMs, most often by opening an ATM face with widely available generic keys, ATM jackpotting threat actors have used several main methods to deploy malware:

• Criminals remove the ATM’s hard drive, connect it to their computer, copy the malware to the hard drive, return the hard drive to the ATM, and reboot the ATM.

• Criminals remove the ATM’s hard drive, replace it with a foreign hard drive or other external device with preloaded malware, and reboot the ATM.

How ATM malware works

The malware interacts directly with the ATM hardware, bypassing any communications or security of the original ATM software. The malware does not require connection to an actual bank customer account to

dispense cash. The malware can be used across ATMs of different manufacturers with very little adjustment to the code as the Windows operating system is exploited during the compromise.

What are the Physical Indicators of an infected ATM

* ATM door open alerts outside of planned maintenance schedule

* Low/No cash indicators outside of expected use schedule

* Unauthorized devices plugged into the ATM

* Removal of hard drives from ATMs

* ATM unexpectedly out of service

Latest

“Great meeting”: OpenAI CEO Sam Altman on meeting PM Modi, says “incredible energy around AI in India”

OpenAI CEO Sam Altman described his meeting with Prime Minister Narendra Modi on Friday as great and highlighted the remarkable momentum of artificial intellige

IT leaders discuss AIs impact on SaaS at India AI Impact Summit

IT leaders discuss AI's impact on SaaS at India AI Impact Summit

Many nations have lauded Indias move to mandate AI labelling, says Vaishnaw, as new IT rules take effect

Many nations have lauded India's move to mandate AI labelling, says Vaishnaw, as new IT rules take effect

US leads AI brain race followed by China, Singapore

US leads AI brain race followed by China, Singapore; India at 6th spot: Report

ChatGPT crosses 100 million weekly users in India; 18–24-year-olds send half the messages: OpenAI

OpenAI has revealed that 50% of ChatGPT messages in India come from users aged 18-24. The country has surpassed 100 million weekly active users, with 35% using

Topics

Tarot Horoscope Today for February 20, 2026: Find what the cards brings for each zodiac signs

Tarot Card Reading: This article will dive into the tarot predictions for each zodiac sign for February 21, 2026, with our expert's predictions.

Brazil’s Lula says Maduro should be tried in Venezuela, not abroad

Lula said Nicolas Maduro should be tried in Venezuela, not abroad, rejecting foreign intervention and calling for Venezuelans to restore democracy, while highli

Whoopi Goldberg-Epstein connection: What Epstein files says about The View host; ‘looking for private owners’

The View host Whoopi Goldberg already addressed her name being mentioned in the documents related to late convicted child sex offender Jeffrey Epstein.

New $10,000 IRS tax deduction: Who qualifies and how to claim it. Details out

New vehicle buyers in 2025 may qualify for a federal tax deduction of up to $10,000 on auto loan interest, subject to income and eligibility rules.

Aquarius Horoscope Today for February 21, 2026: Here’s how your finances bring steady results

Aquarius Daily Horoscope Today: If you plan a purchase, compare options and wait a day before deciding.

Capricorn Horoscope Today for February 21, 2026: This one career advice might open a door to new opportunities

Capricorn Daily Horoscope Today: A small helpful action today may open a useful opportunity tomorrow if you follow sensible steps.

Asha Sharma: 5 key things about Microsoft AI replacing Phil Spencer as Xbox boss

Asha Sharma, former head of Microsoft's AI enterprise teams, will lead Microsoft Gaming following Phil Spencer's departure.

Sagittarius Horoscope Today for February 21, 2026: Follow these financial tips for good returns

Sagittarius Daily Horoscope Today: Money looks fine for small needs and little treats today
spot_img

Related Articles

Popular Categories

spot_imgspot_img