"The jackpotting attacks involve the use of specialized malware, such as Ploutus, to infect ATMs and force them to dispense cash. In most cases, cybercriminals have been observed gaining unauthorized access to the machines by opening an ATM face with widely available generic keys. There are at least two different ways by which the malware is deployed: Removing the ATM's hard drive, followed by either connecting it to their computer, copying it to the hard drive, attaching it back to the ATM, and rebooting the ATM,"
"Regardless of the method used, the end result is the same. The malware is designed to interact directly with the ATM hardware, thereby getting around any security controls present in the original ATM software. Because the malware does not require a connection to an actual bank card or customer account to dispense cash, it can be used against ATMs of different manufacturers with little to no code changes, as the underlying Windows operating system is exploited during the attack."
ATM jackpotting incidents rose nationwide, producing losses exceeding $20 million in 2025. A total of 1,900 incidents have been reported since 2020, including 700 in the last year, and roughly $40.73 million has been lost to jackpotting attacks since 2021. Threat actors exploit physical and software vulnerabilities in ATMs and deploy specialized malware such as Ploutus to dispense cash without legitimate transactions. Attackers often gain access by opening ATM faces with generic keys. Malware deployment commonly involves removing and reloading or replacing ATM hard drives; the malware interacts with ATM hardware and exploits Windows to operate across manufacturers.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]