ATM “Jackpotting” Is Back and It’s Becoming a Real Criminal Business

A once famous hacker conference demo has become a large-scale crime trend.

According to a recent TechCrunch report citing an FBI bulletin, ATM “jackpotting” attacks surged in 2025, with more than 700 attacks and at least $20 million in stolen cash. In these attacks, criminals don’t drain customer bank accounts directly — they compromise the ATM itself and force it to dispense cash.

The technique combines physical tampering (like using generic keys to open ATM panels or accessing internal drives) with malware based control. The FBI specifically highlighted Ploutus, malware that can take over ATM functions by targeting the Windows-based systems and the XFS software layer many machines use to communicate with components like the keypad, card reader, and cash dispenser.

Why this matters: jackpotting is a reminder that “old” infrastructure can still be a high-value target.

ATMs are deeply embedded in financial operations, and many still rely on legacy software stacks and hardware interfaces that attackers understand well. The attacks are also fast the FBI notes they can happen in minutes and may be hard to detect until after cash is gone.

This is niche tech news, but it has broad implications: as banks modernize apps and online services, physical banking tech remains a weak point that attackers continue to exploit.

Authur: Jamie Rina