In 2010, famed security researcher Barnaby Jack spectacularly hacked into an ATM on stage at the Black Hat security conference, forcing it to spit out wads of cash in front of an astonished audience.
More than a decade later, ATM jackpotting—as it’s called—has broken out of the realm of theoretical security research into big business and the criminal world.
According to a new security bulletin released by the FBI, hackers have rapidly ramped up their attacks in recent years, with more than 700 attacks on ATMs in 2025 alone netting hackers at least $20 million in stolen cash.
In a bulletin, the FBI says hackers use a combination of physical access to ATMs, such as generic keys to unlock front panels and access hard drives, and digital tools, such as planting malware that can force ATMs to quickly dispense cash.
The FBI warned that one particular piece of malware, known as Ploutus, is affecting various ATM manufacturers and ATMs by targeting the underlying Windows operating system that powers many ATMs. Ploutus gives hackers full control over a compromised ATM, allowing them to issue instructions capable of causing the machine to dispense notes without having to draw funds from customer accounts.
Ploutus uses the Financial Services Extension or XFS software that ATMs rely on to communicate with various other hardware components such as the PIN keypad, card reader and the all-important cash dispensing unit.
“Ploutus attacks the ATM itself rather than customer accounts, allowing for quick withdrawals that can take place in minutes and are often difficult to detect until the money is withdrawn,” the FBI bulletin said.
Security researchers have previously identified problems with the XFS software, which allows hackers to trick ATMs into dispensing cash.
Updated opening paragraph to change date.