Crims hit a $20M jackpot via malware-stuffed ATMs

Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.

They are doing this through ATM jackpotting - a cyber-physical attack in which crooks exploit physical and software vulnerabilities in ATMs to deploy malware that instructs the machine to dispense cash on demand without bank authorization. Of the 1,900 such incidents reported since 2020, more than 700 occurred in 2025 alone, according to a Thursday security alert [PDF].

Crims typically gain initial access via generic keys that open the ATM face, and then infect the machine with malware, either removing the ATM's hard drive and copying malware onto it before putting it back into the machine, or simply replacing the hard drive with one that's preloaded with ATM jackpotting code.

Ploutus malware, which is commonly used in these attacks, exploits eXtensions ...