ATM jackpotting attacks on the rise in the US
NEWNow you can listen to News articles!
You swipe your card and enter your PIN. You grab your cash and walk out the door. It feels routine and safe. Most of us never think twice about it. However, some ATMs are quietly becoming ATMs for criminals.
The Federal Bureau of Investigation recently issued a cybersecurity alert about an increase in malware attacks targeting ATMs. These incidents are known as jackpotting attacks. In simple terms, hackers force machines to spit out money on command.
The numbers are growing. Since 2020, almost 1,900 attacks have been reported. More than a third occurred just last year. In 2025 alone, losses have already exceeded $20 million. So what is really happening inside these machines and why is the threat accelerating now?
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
HOW DEBIT CARD FRAUD CAN OCCUR WITHOUT USING THE CARD
The FBI is warning of a rise in ATM “jackpotting” attacks, in which hackers force machines to dispense cash using malware. (TIM SLOAN/News via Getty Images)
How ATM Jackpotting Attacks Work
This is not a Hollywood hacking scene. In many cases, attackers use generic keys to open the ATM maintenance cabinet. Once inside, they remove the storage unit. They then load malware onto it or swap it out for a compromised one.
After rebooting the machine, the malicious software takes control. One of the most used tools is a malware strain called Ploutus. Their target is software known as XFS, which ATMs use to communicate with banking networks and authorize transactions.
Instead of asking the bank for permission, the malware overrides that process. Send your own commands to the machine. The result? The ATM dispenses cash with no card, no account, and no legitimate transaction. That’s making money.
Why are so many ATMs vulnerable?
Here’s the uncomfortable truth. Many ATMs run on older versions of Windows. Some machines have even shown Windows 7 login screens. That operating system was released in 2009 and officially discontinued years ago.
Outdated software creates opportunities. If attackers find a vulnerability in the Windows operating system, they can exploit it in different brands of ATMs and financial networks. The FBI says these attacks are not linked to a specific bank or ATM manufacturer. Instead, they point to common weaknesses shared between systems.
That makes the problem much bigger. And with hundreds of thousands of ATMs deployed across the United States, updating and securing each machine will take time.
FEDS CHARGE 87 INDIVIDUALS IN MASSIVE ‘JACKPOTTING’ OPERATION AT ATM LINKED TO THE ARAGUA TRAIN GANG
Since 2020, almost 1,900 ATM jackpotting attacks have been reported, with losses that will exceed $20 million in 2025 alone. (Robert Alexander/Getty Images)
What banks are told to do
The FBI has outlined several defensive measures for financial institutions:
- Monitor ATMs for unauthorized files and suspicious executables.
- Disable USB ports to prevent malware loading
- Replace generic locks with keypad systems
- Add secondary alarms and enhanced physical security
These are practical solutions. But rolling them out nationwide is a slow process. Meanwhile, attackers continue to look for weak targets.
Why does this still matter to you?
You may be thinking this seems like a banking problem, not a personal one. Technically, consumers are not the direct victims in these cases. Unlike Bitcoin ATM scams that have cost people hundreds of millions, jackpotting attacks hit financial institutions. However, there is a domino effect.
When banks lose money, insurance companies pay claims. In the end, those costs appear somewhere. Higher rates. Increased service charges. Stricter policies. In the end, everyday customers absorb the impact. Cybercrime rarely stays contained.
HOW TO SECURELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE
Cybercriminals are taking advantage of outdated ATM software to override banking controls and cause unauthorized cash withdrawals. (Justin Sullivan/Getty Images)
How to protect yourself when using ATMs
While ATM jackpotting attacks primarily target banks, you can still take smart steps to protect yourself when using ATMs.
1) Use ATMs in safe, well-lit locations
Choose machines inside bank branches or in busy areas with foot traffic. These locations are more likely to be monitored and maintained.
2) Avoid late-night or isolated ATMs
Criminals need physical access to manipulate the machines. High traffic areas during regular business hours reduce that risk.
3) Be on the lookout for unusual behavior at ATMs
If a machine suddenly restarts, freezes, or behaves strangely, stop it immediately. Do not insert your card. Report the problem to the bank immediately.
4) Look for signs of tampering
Check for loose panels, exposed wiring, or unusual accessories near the card slot or keyboard. If something seems strange, use a different machine.
5) Cover the keyboard when entering your PIN
Protect your PIN with your hand while you type. This protects you from hidden cameras and surfers who may try to capture your code.
6) Set up real-time transaction alerts
Enable text or app notifications for withdrawals and account activity. Instant alerts help you act quickly if something unexpected appears.
7) Check your bank statements periodically
Although the jackpot bypasses customer accounts, fraud tactics evolve. Review your transactions frequently so you can catch unauthorized charges early.
8) Consider monitoring for identity theft
Identity theft protection services can provide alerts about unusual financial activity on your accounts. Think of it as an additional layer of awareness rather than a solution to ATM malware. See my tips and top picks for the best identity theft protection at Cyberguy.com.
9) Use contactless or in-app ATM withdrawals
Many banks offer cardless access through secure mobile apps. This reduces exposure to skimming devices and physical manipulation.
10) Keep your banking application updated
Install updates quickly to ensure you have the latest security patches and protections.
Staying vigilant reduces risk and reinforces good habits, even when attackers target financial institutions rather than individual customers.
Kurt’s Key Takeaways
ATM jackpotting attacks reveal something important. Even the most well-known machines can hide modern vulnerabilities. Most of us rarely think about the software that runs inside a cash dispenser. However, those systems are based on the same operating fundamentals as home and office computers. When updates are late, criminals notice. The FBI alert is no cause for panic. It’s a reminder that digital security affects almost every aspect of daily life, including the simple act of withdrawing cash.
How much trust do you place in the technology you use every day without even seeing how it works? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and gadgets that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.