$20 million lost in 'jackpotting' ATM malware attacks in 2025, FBI reports — scheme forces machines to spit out cash, targets banks and ATM operators
This malware essentially takes over ATMs, allowing attackers to steal freely from them.
The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert warning the public of increasing malware attacks on ATMs. According to the FBI FLASH document (PDF), threat actors are breaking into these machines using generic keys to open their maintenance cabinets. They remove the storage drive, load malware onto it (or replace it with a compromised one), and then reboot the machine to load the payload.
Ploutus is one piece of malware used in these types of attacks; it exploits the eXtensions for Financial Services (XFS) software. ATMs use XFS to communicate with the bank network to authorize every transaction, but Ploutus overrides this and issues its own commands to XFS. This allows attackers to take over the machines and make withdrawals without a card or account, essentially forcing the machine to just dispense money.
This type of attack is called “jackpotting,” and the agency said that out of the 1,900 reported attacks since 2020, 700, or more than a third, happened last year alone. Furthermore, losses from just 2025 are already over $20 million.
The agency said that the attack isn’t tied to a specific bank, financial network, or ATM brand, as it targets the Windows operating system commonly used in these machines. So, if there’s a vulnerability in the OS, bad actors can take advantage of it across many cash terminals before they can be patched. We’ve even seen one busted ATM showing a Windows 7 login page, which illustrates how old these cash-dispensing appliances can get (Windows 7 was released in 2009 and discontinued in 2020, with paid extended security updates lasting until 2023).
There are several suggestions on what financial institutions can do to mitigate these attacks, including monitoring their machines for unauthorized files and executables, disabling all USB ports, replacing generic locks with keypads, and adding a secondary alarm/security system on top of the already existing one.
But given that there are hundreds of thousands of ATMs deployed within the U.S. alone, we expect these recommendations will take time to be implemented. Thankfully, the general public isn’t directly affected by these attacks, unlike Bitcoin ATM fraud, which reported losses of $333 million to private individuals. However, this still needs to be addressed as soon as possible, because the banks or insurance companies will eventually have to pass these losses on to the everyday consumer, making everything more expensive for everyone.
