Getting cash from an ATM is one of those everyday routines most people barely think about. But the latest FBI warning shows that the threat is no longer just stolen cards or skimmed account data. In many cases, criminals are going straight for the machine itself.
The FBI said on February 19 that more than 700 ATM “jackptting” incidents were reported in 2025 alone, with losses topping $20 million. Since 2020, the bureau has identified about 1,900 incidents across the country. That is a sharp number, and it points to a form of cybercrime that blends software intrusion with old-fashioned physical access.
How malware like Ploutus is changing the threat for banks
So what is “jackpotting,” exactly? It happens when criminals install malware on an ATM and force it to spit out cash without a bank card, customer account, or bank approval.
The FBI said one of the main tools is the “Ploutus” malware family, which exploits the software layer that tells the ATM what to do. In practical terms, that means a criminal can bypass normal authorization and make the machine behave like a cash dispenser on command.
That is what makes this case different from the fraud many bank customers worry about. The attack is aimed at the ATM, not the account holder. For the most part, that means customers are not the direct victims, but banks, credit unions, and ATM operators are left facing rapid losses that can unfold in minutes.
And yes, that can still ripple outward through service interruptions, repairs, and tighter security at the machine on your street corner.
Recent federal cases show how broad the ATM jackpotting network has become
The Justice Department has also tied recent cases to a much broader criminal network. In late January, federal prosecutors announced an additional indictment in Nebraska linked to a nationwide ATM jackpotting conspiracy.
Then on February 20, prosecutors said six more defendants had been charged, bringing the total number of charged defendants in that investigation to 93. Prosecutors allege the scheme used malware to steal millions from financial institutions across the United States.
Why ATM cybersecurity matters beyond the machine itself
The bigger takeaway is hard to miss. ATMs are no longer just pieces of bank hardware. They are computers sitting in public, and that makes them exposed in ways that feel uncomfortably modern.
That is why the FBI is urging operators to harden physical locks, monitor USB activity, restrict remote access, and preserve logs that might reveal tampering. Small details matter here. A generic key, a swapped hard drive, a machine suddenly going offline. That can be the whole story.
Also Read: Treasury moves to end IRS union contracts
And the concern does not stop at cash. As more of the physical world becomes connected, from sensors in vehicles to software in public infrastructure, the line between street crime and cybercrime keeps getting thinner. Even the technology meant to make systems more efficient can, in the wrong hands, become a weak point.
The official statement was published on IC3.
