- FBI reports $20 million stolen via ATM jackpots in US in recent years
- Criminals use Ploutus malware and generic keys to bypass ATM authorization
- 1,900 cases since 2020, with 700 incidents in 2025 alone
The FBI has warned that ATM jackpotting – physically breaking into an ATM to install malware and cause money to spill – is increasing across the United States.
The bureau claims that criminals have been able to steal more than $20 million this way, noting that they can open the ATM face using “widely available generic keys.”
Once opened, criminals remove the ATM's hard drive and do one of two things: either infect it with malware and reinstall it, or replace it with a different hard drive that already comes preloaded with malware.
Upward trend
In both cases, criminals would use the Ploutus malware variant, which exploits eXtensions for Financial Services (XFS), an open standard API commonly used by ATMs, PoS terminals, and other similar devices. The malware allows attackers to issue their own commands to XFS, bypassing authorizations and withdrawing money from ATMs.
“When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization,” the FBI explained.
“If a threat actor can issue their own commands to
ATM theft was first detected in 2020 and around 1,900 such cases have been reported since then. In 2025, 700 cases were reported, which translates to approximately 37% of all incidents.
It is also worth mentioning that in these attacks the bank customers are not the victims, but the banks themselves. Because attackers don't have people's cards, PIN codes, or bank account numbers, their funds remain intact.
Through The Registry
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
