ATMS remain a tempting target for jackpotting, and 2025 saw 700 machines cracked nationwide, a surprising spike that the FBI notes alongside around 1,900 incidents since 2020. The attacks cost banks more than $20 million in losses last year, highlighting how criminals continue to use familiar tools and tactics to siphon cash from cash machines.
In the same period, six Venezuelan nationals were charged with conspiring to deploy malware on ATMs, and since December 2025 US authorities have charged 93 individuals, including members of the Tren de Aragua group, which the US has designated as a Foreign Terrorist Organization, on charges related to ATM jackpotting. The maximum penalties upon conviction range from 20 years to 355 years in prison.
Ploutus, the malware tool cited by the FBI, has been used to manipulate ATMs by exploiting the XFS layer that ATM software relies on during legitimate transactions. Security professionals emphasise reducing physical access to ATMs, improving encryption and firmware integrity, and enforcing strict access controls to help mitigate these attacks.
According to the FBI, the threat remains driven by opportunistic exploitation of legacy systems and weak remote management, with attackers often bypassing bank authorisation to dispense cash rapidly.