FBI Reports 700 ATM Jackpotting Attacks Caused $20 Million in Losses in 2025
Malware-Enabled ATM Jackpotting Attacks Surge in US, Resulting in $20 Million in Losses
A recent alert issued by the Federal Bureau of Investigation (FBI) highlights a significant increase in malware-enabled ATM jackpotting attacks across the United States. According to the agency, approximately 1,900 such incidents have been reported since 2020, with a notable spike of over 700 attacks in 2025 alone. The total financial losses resulting from these attacks have exceeded $20 million.
What are ATM Jackpotting Attacks?
ATM jackpotting attacks involve the physical compromise of a targeted machine to install malware that manipulates the cash-dispensing module to eject currency. The US has taken a strong stance against these attacks, prosecuting numerous individuals involved in the operations, many of whom are Venezuelan nationals facing deportation.
The Malware Used in Attacks
The FBI’s alert notes that multiple malware families are employed in ATM jackpotting attacks, but the most commonly used is Ploutus. This malware has been active for over a decade, although its usage had decreased since its peak in 2017 and 2018. However, recent incidents suggest that Ploutus remains a widely used tool among threat actors.
Once installed on an ATM, Ploutus grants attackers direct control over the machine, enabling them to initiate cash withdrawals. Unlike traditional attacks that target customer accounts, Ploutus attacks the ATM itself, allowing rapid cash-out operations that can occur within minutes and often remain undetected until after the funds have been withdrawn. Because it exploits the Windows operating system, the malware can also be easily adapted to compromise ATMs from various manufacturers.
Indicators of Compromise and Prevention
The FBI has provided indicators of compromise (IoCs) to aid organizations in detecting these attacks. However, Ploutus is designed to autonomously delete its own code, which makes an infection challenging for forensic investigators and bank employees to detect.
The continued use of Ploutus in ATM jackpotting attacks highlights the need for organizations to remain vigilant and implement robust security measures to prevent these types of incidents.
