ATM jackpotting attacks surge across the U.S.

written by Kurt Knutsson
Kurt warning about ATM jackpotting attacks surge across U.S.
At a glance
  • The FBI warns that ATM jackpotting attacks are rising across the United States.
  • Hackers use malware like Ploutus to force ATMs to dispense cash without a card.
  • Nearly 1,900 attacks have been reported since 2020, with losses topping $20 million this year.
  • Outdated Windows systems inside ATMs make many machines vulnerable to exploitation.

 

You swipe your card and enter your PIN. You grab your cash and head out the door. It feels routine and secure. Most of us never give it a second thought. However, some ATMs are quietly being turned into cash machines for criminals.

The Federal Bureau of Investigation recently issued a cybersecurity alert about a rise in malware attacks targeting ATMs. These incidents are known as jackpotting attacks. In simple terms, hackers force machines to spit out money on command.

The numbers are growing. Since 2020, nearly 1,900 attacks have been reported. More than a third occurred just last year. In 2025 alone, losses have already exceeded $20 million. So what is really happening inside these machines, and why is the threat accelerating now?

 

 

Attackers can physically access an ATM’s internal components, install malware and force the machine to dispense cash.

 

How ATM jackpotting attacks work

This is not a Hollywood hacking scene. In many cases, attackers use generic keys to open the ATM’s maintenance cabinet. Once inside, they remove the storage drive. Then they load malware onto it or swap it with a compromised one.

After rebooting the machine, the malicious software takes control. One of the most widely used tools is a malware strain called Ploutus. It targets software known as XFS, which ATMs use to communicate with bank networks and authorize transactions.

Instead of asking the bank for permission, the malware overrides that process. It sends its own commands to the machine. The result? The ATM dispenses cash without a card, without an account and without a legitimate transaction. That is jackpotting.

 

Why are so many ATMs vulnerable?

Here is the uncomfortable truth. Many ATMs run on aging versions of Windows. Some machines have even displayed Windows 7 login screens. That operating system was released in 2009 and officially discontinued years ago.

Outdated software creates opportunity. If attackers find a vulnerability in the Windows operating system, they can exploit it across different ATM brands and financial networks. The FBI says these attacks are not tied to one specific bank or ATM manufacturer. Instead, they target common weaknesses shared across systems.

That makes the problem much bigger. And with hundreds of thousands of ATMs deployed across the U.S., upgrading and securing every machine will take time.

ATM jackpotting allows criminals to trigger withdrawals without a card by overriding the machine’s transaction software.

 

What banks are being told to do

The FBI has outlined several defensive steps for financial institutions:

  • Monitor ATMs for unauthorized files and suspicious executables
  • Disable USB ports to prevent malware loading
  • Replace generic locks with keypad systems
  • Add secondary alarms and enhanced physical security

These are practical fixes. But rolling them out nationwide is a slow process. Meanwhile, attackers continue to look for weak targets.

 

Why this still matters to you

You might be thinking this sounds like a bank problem, not a personal one. On the surface, that is true. Unlike scams that directly drain your account, ATM jackpotting targets financial institutions, not individual customers. But the impact does not stay contained.

When banks take losses from these attacks, they do not simply absorb the cost. They pass it through the system. Insurance may cover part of it, but premiums rise. Banks adjust pricing. Policies change. That is where it starts to hit you.

Higher ATM fees and account charges often follow. Withdrawal limits may tighten. Fraud monitoring becomes more aggressive, which can mean legitimate transactions get flagged or delayed.

At the same time, affected ATMs are taken offline during investigations or repairs. That reduces access to cash right when you need it. And because these attacks are often tied to broader criminal networks, their presence can signal increased fraud activity in your area, from skimming devices to phishing attempts.

The bottom line is simple. You may not be the direct target, but you are part of the system that absorbs the fallout. When cybercriminals hit banks, the ripple effects show up in your fees, your access to cash, and your day-to-day financial convenience.

Outdated operating systems inside many ATMs create vulnerabilities that hackers can exploit across different banks and brands.

 

How to protect yourself when using ATMs

While ATM jackpotting attacks primarily target banks, you can still take smart steps to protect yourself when using cash machines.

1) Use ATMs in well-lit, secure locations

Choose machines inside bank branches or in busy areas with foot traffic. These locations are more likely to be monitored and maintained.

2) Avoid late-night or isolated ATMs

Criminals need physical access to tamper with machines. High traffic areas during regular business hours reduce that risk.

3) Watch for unusual ATM behavior

If a machine suddenly reboots, freezes or behaves strangely, stop immediately. Do not insert your card. Report the issue to the bank right away.

4) Look for signs of tampering

Check for loose panels, exposed wiring or unusual attachments near the card slot or keypad. If something looks off, use a different machine.

5) Cover the keypad when entering your PIN

Shield your PIN with your hand as you type. This protects you from hidden cameras and shoulder surfers who may try to capture your code.

6) Set up real-time transaction alerts

Enable text or app notifications for withdrawals and account activity. Instant alerts help you act quickly if anything unexpected appears.

7) Check your bank statements regularly

Even though jackpotting bypasses customer accounts, fraud tactics evolve. Review your transactions often so you can catch unauthorized charges early.

8) Consider identity theft monitoring

Identity theft protection services can provide alerts about unusual financial activity across your accounts. Think of it as an added layer of awareness rather than a fix for ATM malware. Get my picks here.

Best identity theft protection services 2026

9) Use contactless or in-app ATM withdrawals

Many banks offer cardless access through secure mobile apps. This reduces exposure to skimming devices and physical tampering.

10) Keep your banking app updated

Install updates promptly to ensure you have the latest security patches and protections.

Staying alert lowers your risk and reinforces good habits, even when attackers are targeting financial institutions rather than individual customers.

 

 

Related Links: 

 

 

Kurt’s key takeaways

ATM jackpotting attacks reveal something important. Even familiar machines can hide modern vulnerabilities. Most of us rarely think about the software running inside a cash dispenser. Yet those systems rely on the same operating foundations as home and office computers. When they fall behind on updates, criminals notice. The FBI alert is not a reason to panic. It is a reminder that digital security touches nearly every part of daily life, even the simple act of withdrawing cash.

How much trust do you place in the technology you use every day without ever seeing how it works? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2026 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.