FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
Bleeping Computer
by Sergiu Gatlan, February 20, 2026
AI-Generated Deep Dive Summary
The FBI has issued a warning about a significant surge in ATM "jackpotting" attacks, where criminals use malware to steal money directly from cash machines. In 2025 alone, over $20 million was stolen through such attacks, with more than 700 incidents reported, a sharp increase when set against the approximately 1,900 incidents across the U.S. since 2020. These attacks exploit vulnerabilities in ATM software, bypassing bank authorization and allowing criminals to dispense cash on demand.
The malware, often referred to as Ploutus, targets the eXtensions for Financial Services (XFS), a layer of software that controls an ATM's physical actions. Attackers gain access by using generic keys to physically tamper with ATMs, replacing their hard drives with malware-infected ones or installing malicious software directly. This enables criminals to issue unauthorized commands, triggering cash dispensing without needing a bank card or approval.
To combat these threats, the FBI recommends financial institutions audit their ATM systems for signs of unauthorized hardware changes and ensure the integrity of their software images. These measures can help detect intrusions early, as network-based monitoring alone may miss such activities. Recent law enforcement efforts have led to the arrest of 87 members of the Tren de Aragua gang, who used Ploutus malware in extensive ATM jackpotting schemes across the U.S.
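One way to carry out the software-image integrity check recommended above is to compare a fielded ATM's drive against a hash manifest of the approved gold image. This is an added example, not code from the FBI advisory or the article; the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def audit_image(gold: dict[str, str], observed: dict[str, str]) -> dict[str, list[str]]:
    """Compare a fielded ATM's manifest with the gold-image manifest."""
    return {
        # Same path, different content: a replaced or patched component.
        "modified": sorted(p for p in gold if p in observed and observed[p] != gold[p]),
        # Present on the ATM but never shipped in the approved image.
        "unexpected": sorted(p for p in observed if p not in gold),
        # Shipped in the approved image but absent from the ATM.
        "missing": sorted(p for p in gold if p not in observed),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a gold image and a tampered copy in temp dirs."""
    with tempfile.TemporaryDirectory() as tmp:
        gold_root, atm_root = Path(tmp, "gold"), Path(tmp, "atm")
        # Hypothetical file layout; names do not describe any real ATM build.
        files = {"xfs/manager.dll": b"vendor build 1",
                 "app/atm.exe": b"bank app",
                 "conf/atm.ini": b"id=1"}
        for root in (gold_root, atm_root):
            for rel, data in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulate tampering on the fielded copy only.
        (atm_root / "xfs/manager.dll").write_bytes(b"altered")
        (atm_root / "app/unknown_service.exe").write_bytes(b"not in gold image")
        (atm_root / "conf/atm.ini").unlink()
        return audit_image(build_manifest(gold_root), build_manifest(atm_root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Build the observed manifest from the drive mounted read-only on a trusted system, since a compromised ATM can misreport its own files.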
This issue highlights critical vulnerabilities in financial infrastructure and underscores the importance of robust cybersecurity measures. For readers concerned with security, understanding these threats is crucial for safeguarding financial systems and maintaining public trust. The rise of such attacks not only poses a direct threat to monetary assets but also challenges the reliability of banking technologies on which modern economies heavily rely. Addressing these vulnerabilities is essential to protect both institutions and individuals from escalating cybercrimes.
Originally published on Bleeping Computer on 2/20/2026