The Rise of ATM Jackpotting: A Growing Threat in the Criminal World
In 2010, the renowned security researcher Barnaby Jack made headlines when he hacked into an ATM cash machine onstage at the Black Hat security conference, causing it to dispense a large amount of banknotes in front of a mesmerized audience. Fast forward to today, more than a decade later, ATM jackpotting has evolved from a mere concept in security research to a lucrative enterprise in the criminal underworld.
Recent reports from the FBI reveal a concerning trend in ATM attacks, with over 700 incidents recorded in 2025 alone, resulting in hackers pocketing at least $20 million in stolen cash. These cybercriminals employ a combination of physical access techniques, such as using generic keys to unlock ATM panels and access internal components, along with digital tools like malware that can manipulate ATMs to dispense cash rapidly.
According to the FBI’s security bulletin, one particularly notorious malware called Ploutus targets a wide range of ATM manufacturers by exploiting vulnerabilities in the underlying Windows operating system, which powers many ATMs. This malware grants hackers complete control over compromised ATMs, allowing them to issue commands that trick the machines into dispensing cash without deducting funds from customer accounts.
Ploutus takes advantage of XFS software, which facilitates communication between an ATM’s various hardware components, including the PIN keypad, card reader, and cash dispenser. By exploiting flaws in the XFS software, hackers can execute “fast cash-out” operations that go undetected until the money has already been withdrawn.
Security experts have previously identified weaknesses in XFS software that could be exploited to manipulate ATMs into dispensing cash, highlighting the ongoing vulnerability of these machines to sophisticated cyber attacks.
Update: The lede paragraph has been revised to correct the date.
