Americans Lost Over $20 million in ATM “Jackpotting” Attacks
informationsecuritybuzz.comMalware-fuelled ATM “jackpotting” attacks are surging across the United States, with the FBI warning that incidents have spiked sharply in 2025.
In a recent alert, the Bureau said it has recorded around 1,900 ATM jackpotting incidents since 2020. Alarmingly, more than 700 of those cases (representing over $20 million in losses) have happened this year alone. The bureau is now urging financial institutions and ATM operators to review their security controls and implement stronger mitigation measures.
Bypassing Authentication Entirely
At the centre of many of these attacks is the Ploutus family of malware. Ploutus targets the eXtensions for Financial Services (XFS) layer, the software interface that tells an ATM what physical action to perform. In a legitimate transaction, the ATM application sends instructions through XFS for bank authorisation before dispensing cash. But if bad actors can issue their own commands to XFS, they can bypass authorisation entirely.
In effect ...
Copyright of this story solely belongs to informationsecuritybuzz.com . To see the full text click HERE