    ATM Jackpotting Incidents Skyrocketed in 2025 With the Help of Malware

    The FBI is reporting a major rise in hackers using malware to steal funds from ATMs.

    ATM jackpotting incidents, which involve manipulating the machines into dispensing cash, shot up across the US last year, the agency said in a public alert. “Out of 1,900 ATM jackpotting incidents reported since 2020, over 700 of them with more than $20 million in losses occurred in 2025 alone,” the FBI says. 

    In the past, hackers have delivered malware—including Ploutus, which has been around for over a decade—by opening the ATM’s casing and manually inserting a USB drive or even a CD. The most recent string of thefts has involved “opening an ATM face with widely available generic keys.” The criminals will then remove the machine’s hard drive and copy the malware to it. Or they’ll insert their own hard drive or external device loaded with the malware to initiate the jackpotting. 

    “Ploutus attacks the ATM itself rather than customer accounts, enabling fast cash-out operations that can occur in minutes and are often difficult to detect until after the money is withdrawn,” the alert adds. 

    In addition, Ploutus can bypass the bank authorization process and instruct the ATM to dispense cash on demand. “As a result, Ploutus allows threat actors to force an ATM to dispense cash without using a bank card, customer account, or bank authorization,” the agency added. 

    The FBI’s alert includes technical details, such as file and program names, about what banks should look for when scrutinizing their ATMs for possible signs of tampering. The agency is also urging ATM providers to consider changing standard locks, reinforcing casings, and implementing other security measures.

    The FBI released the alert after the Justice Department in December charged 54 individuals, some connected with the Venezuelan gang Tren de Aragua, for draining millions from ATMs across the US by using the Ploutus malware.  

    “These groups would conduct initial reconnaissance and take note of external security features at the ATMs,” federal officials said. “Following this reconnaissance, the groups would open the hood or door of ATMs and then wait nearby to see whether they had triggered an alarm or a law enforcement response.” 

    The suspects also “committed or attempted to commit at least 63 ATM jackpottings of the victim banks,” and targeted “at least 54 ATM jackpottings of the victim credit unions,” according to the indictment. “The overall loss to the Victim Financial Institutions was at least approximately $5,401,181, and at least an additional $1,429,738 was attempted.”
