FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

Pierluigi Paganini February 20, 2026

The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020.

The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last year. According to the Department of Justice (DoJ), total losses tied to jackpotting have reached roughly $40.7 million since 2021.

“The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate indicators of compromise (IOCs) and technical details associated with malware enabled ATM jackpotting,” reads the FLASH alert published by the FBI. “Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a legitimate transaction.”

Criminals are deploying ATM jackpotting malware such as Ploutus to force cash machines to dispense money without authorization. The malware targets the eXtensions for Financial Services (XFS) layer, which controls ATM hardware. By sending rogue commands directly to XFS, attackers bypass bank approval and trigger withdrawals without cards or accounts. Once installed, Ploutus gives full control of the ATM, enabling fast cash-outs in minutes.
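A defender-side check that follows from the paragraph above, as an added example that is not taken from the FBI alert or the original article: every dispense recorded at the ATM should pair with exactly one host approval, so unmatched dispenses are the signal to alert on. The record fields, ATM names and the 60-second window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical, simplified format.
# AUTHORIZATIONS: approvals logged by the bank host for each withdrawal.
AUTHORIZATIONS = [
    {"atm": "ATM-001", "time": "2025-06-01T10:00:02", "amount": 200},
    {"atm": "ATM-001", "time": "2025-06-01T10:05:40", "amount": 60},
    {"atm": "ATM-002", "time": "2025-06-01T02:13:00", "amount": 100},
]
# DISPENSES: cash-out events recorded by the ATM's dispenser journal.
DISPENSES = [
    {"atm": "ATM-001", "time": "2025-06-01T10:00:09", "amount": 200},
    {"atm": "ATM-001", "time": "2025-06-01T10:05:47", "amount": 60},
    {"atm": "ATM-002", "time": "2025-06-01T02:13:05", "amount": 100},
    {"atm": "ATM-002", "time": "2025-06-01T02:13:30", "amount": 100},  # approval already used
    {"atm": "ATM-002", "time": "2025-06-01T02:14:10", "amount": 800},  # no approval at all
    {"atm": "ATM-002", "time": "2025-06-01T02:14:55", "amount": 800},
]

def _ts(record):
    return datetime.fromisoformat(record["time"])

def unauthorized_dispenses(auths, dispenses, window=timedelta(seconds=60)):
    """Return dispenses with no unused host approval for the same ATM and
    amount issued at most `window` before the cash left the machine."""
    unused = sorted(auths, key=_ts)
    flagged = []
    for d in sorted(dispenses, key=_ts):
        match = next((a for a in unused
                      if a["atm"] == d["atm"] and a["amount"] == d["amount"]
                      and timedelta(0) <= _ts(d) - _ts(a) <= window), None)
        if match is None:
            flagged.append(d)
        else:
            unused.remove(match)  # one approval covers exactly one dispense
    return flagged

def summarize(flagged):
    """Per-ATM count and total of unmatched dispenses, for alerting."""
    totals = defaultdict(lambda: {"count": 0, "amount": 0})
    for d in flagged:
        totals[d["atm"]]["count"] += 1
        totals[d["atm"]]["amount"] += d["amount"]
    return dict(totals)

if __name__ == "__main__":
    for atm, stats in summarize(unauthorized_dispenses(AUTHORIZATIONS, DISPENSES)).items():
        print(f"ALERT {atm}: {stats['count']} unmatched dispenses, total {stats['amount']}")
```

Because each approval is consumed by a single dispense, a second cash-out that reuses an earlier approval is flagged along with dispenses that have no approval at all.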

To infect machines, attackers usually gain physical access, open the cabinet with generic keys, and either copy malware onto the hard drive or replace it with a preloaded one. Exploiting Windows systems, the malware works across different ATM brands with minimal changes.

The FLASH alert includes indicators of compromise (IOCs) for these attacks.

The jackpotting technique was first proposed by white-hat hacker Barnaby Jack in 2010.

Ploutus is one of the most sophisticated ATM malware families and was first discovered in Mexico back in 2013. The malicious code allows crooks to steal cash from ATMs either by using an external keyboard attached to the machine or by sending SMS messages.

In January 2018, experts at FireEye Labs discovered a new version of the Ploutus ATM malware, called Ploutus-D, that works on KAL’s Kalignite multivendor ATM platform.

The experts observed Ploutus-D in attacks against ATMs from the vendor Diebold, but the most worrisome aspect of the story is that minor changes to the malware code could allow Ploutus-D to target a wide range of ATM vendors in 80 countries.
