ATM Malware Attacks Surge: Over $20 Million Stolen in 2025


ATM Malware Attacks Result in $20 Million Theft

A surge in ATM malware attacks has resulted in the theft of over $20 million from Americans in 2025, according to a recent warning from the FBI.

What are Jackpotting Attacks?

The attacks, known as “jackpotting,” involve the use of malicious software to force cash machines to dispense money without the need for a bank card, customer account, or bank approval.

Scope of the Problem

The FBI reported over 700 jackpotting incidents in 2025, a significant increase, out of approximately 1,900 total incidents reported across the United States since 2020.

These attacks can be carried out in a matter of minutes and often go undetected by financial institutions and ATM operators until the cash is already gone.

How the Malware Works

The malware used in these attacks, such as Ploutus, targets the software layer controlling an ATM’s physical hardware, bypassing the usual verification process with the bank.

This allows the attackers to issue commands directly to the ATM, triggering withdrawals on demand.

The malware exploits the eXtensions for Financial Services (XFS) layer, which instructs the ATM on what physical actions to take.

Installing the Malware

To install the malware, attackers typically gain physical access to the targeted ATM using widely available generic keys.

Once inside, they may remove the machine’s hard drive, copy the malware onto it, and reinstall it, or replace the original drive with one preloaded with the malicious software.

FBI Warning and Recommendations

The FBI is urging financial institutions to take steps to defend against these attacks, including auditing their ATM systems for signs of unauthorized removable storage use and unauthorized processes.

By combining this approach with gold image integrity validation, institutions can identify potential security breaches early on.
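
One way to carry out the gold image integrity validation and unauthorized-process audit described above, as an added example that is not code from the FBI warning or from this article. The file names and directory layout are constructed, and running process image paths are assumed to be given relative to the audited root.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def compare_to_gold(gold, current):
    """Report files changed in, absent from, or added to the gold image."""
    return {
        "modified": sorted(p for p in gold if p in current and gold[p] != current[p]),
        "missing": sorted(p for p in gold if p not in current),
        "unexpected": sorted(p for p in current if p not in gold),
    }

def unauthorized_processes(image_paths, gold, current):
    """Flag running executables whose on-disk image does not match the gold hash."""
    return sorted(p for p in set(image_paths)
                  if p not in gold or gold[p] != current.get(p))

def demo():
    """Audit a constructed software tree; all file names here are hypothetical."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        app.mkdir()
        (app / "atm_app.exe").write_bytes(b"gold build")
        (app / "xfs_service.dll").write_bytes(b"gold build")
        gold = build_manifest(tmp)  # in practice: built from the gold image, kept off the ATM
        # Simulate tampering: one binary altered, one added, one removed.
        (app / "xfs_service.dll").write_bytes(b"altered")
        (app / "dropped.exe").write_bytes(b"unknown")
        (app / "atm_app.exe").unlink()
        return compare_to_gold(gold, build_manifest(tmp))

if __name__ == "__main__":
    print(demo())
```

The gold manifest has to be stored away from the machine it describes, since anyone able to swap or rewrite the drive could otherwise rewrite the manifest as well.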

Recent Arrests

The warning comes after a series of arrests targeting members of the Tren de Aragua (TdA) gang, who were linked to a massive ATM jackpotting scheme that used Ploutus malware to steal millions in cash from bank ATMs across the United States.

A total of 87 Tren de Aragua members have been charged by the U.S. Department of Justice over the past six months, with potential prison terms ranging from 20 to 335 years each.


