In 2010, the famed security researcher Barnaby Jack spectacularly hacked into an ATM cash machine on stage at the Black Hat security conference, forcing it to spit out reams of bank notes in front of an awestruck audience. More than a decade later, ATM jackpotting has broken free from the realms of theoretical security research into big business in the criminal world.
According to a new security bulletin issued by the FBI, hackers have rapidly ramped up their attacks in recent years. There were more than 700 attacks on cash dispensers during 2025 alone, netting criminals at least $20 million in stolen cash.
The FBI says hackers are using a mix of physical and digital tools. They gain physical access to ATM machines using generic keys to unlock front panels and access hard drives. Digitally, they plant malware that can force ATMs to rapidly dispense cash in a flash.
The FBI warned that one particular malware, known as Ploutus, affects a variety of ATM manufacturers and cash dispensers by targeting the underlying Windows operating system that powers many machines. Ploutus grants hackers full control over a compromised ATM, allowing them to issue instructions that trick the dispenser into releasing notes without drawing funds from customer accounts.
This malware takes advantage of extensions for financial services, or XFS software, which ATMs rely on to communicate with various hardware components like the PIN keypad, the card reader, and the cash dispensing unit.
“Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” states the FBI bulletin.
Security researchers have previously found issues with XFS software that can allow hackers to trick ATMs into dispensing cash.