Ethical Hacking News
The FBI has issued a warning about a surge in ATM malware attacks, with over $20 million stolen from American banks. The attacks use malicious software to force cash machines to dispense money, highlighting the ongoing threat posed by cybercrime.
There has been a surge in ATM malware attacks resulting in over $20 million being stolen from American banks. More than 700 ATM jackpotting incidents were reported last year alone, compared to roughly 1,900 total incidents across the US since 2020. The Ploutus malware exploits the eXtensions for Financial Services (XFS) layer of software, allowing attackers to bypass bank authorization and steal cash from ATMs. Financial institutions must take proactive steps to protect their systems and prevent unauthorized access, including implementing robust security measures and conducting regular audits. Individuals can protect themselves against ATM malware attacks by being cautious when using ATMs, staying up-to-date on the latest security patches and software updates, and educating employees on the risks posed by these attacks.
The Federal Bureau of Investigation (FBI) has issued a warning about a surge in ATM malware attacks that have resulted in over $20 million being stolen from American banks. The attacks, which involve using malicious software to force cash machines to dispense money, have seen a significant spike in recent years.
According to the FBI's latest flash alert, more than 700 ATM jackpotting incidents were reported last year alone, compared to roughly 1,900 total incidents across the United States since 2020. These attacks can be carried out in minutes and target the software layer controlling an ATM's physical hardware, using malicious tools such as the Ploutus malware.
Most often, these attacks go undetected by financial institutions and ATM operators until the cash is already gone. However, the FBI has been working to raise awareness about these types of attacks and provide guidance on how to defend against them.
"Cash machines are designed to verify transactions through their bank before dispensing cash," explained the FBI. "However, Ploutus malware exploits the eXtensions for Financial Services (XFS), the layer of software that instructs an ATM what to physically do. When a legitimate transaction occurs, the ATM application sends instructions through XFS for bank authorization."
If a threat actor can issue their own commands to XFS, they can bypass bank authorization entirely and instruct the ATM to dispense cash on demand. To install the malware, attackers usually gain physical access to the targeted ATM using widely available generic keys.
Once inside, they remove the machine's hard drive, copy malware onto it and reinstall it, or even swap the original drive out entirely for another one preloaded with the malicious software.
To defend against these attacks, the FBI encouraged financial institutions to audit their ATM systems for signs of unauthorized removable storage use and unauthorized processes. "When combined with gold image integrity validation, this approach enables early identification of physical intrusion and malware staging events that would otherwise evade network-based monitoring," said the law enforcement agency.
The FBI's warning comes after a wave of arrests targeting members of the Tren de Aragua (TdA) gang, all linked to a massive ATM jackpotting scheme that used Ploutus malware to steal millions in cash from bank ATMs across the United States. In total, the U.S. Department of Justice has charged 87 Tren de Aragua members over the past six months, who are now facing maximum prison terms ranging from 20 to 335 years each.
This surge in ATM malware attacks highlights the ongoing threat posed by cybercrime and the importance of staying vigilant against these types of attacks. Financial institutions and individuals must remain aware of the risks and take steps to protect themselves against these types of threats.
In recent months, there have been several high-profile incidents of ATM malware attacks, with millions of dollars being stolen from banks across the United States. The FBI's warning serves as a reminder that these types of attacks are ongoing and pose a significant threat to financial institutions and individuals alike.
The use of Ploutus malware in these attacks has made it easier for attackers to bypass bank authorization and steal cash from ATMs. The malware exploits the eXtensions for Financial Services (XFS) layer of software, which instructs an ATM what to physically do.
To defend against these types of attacks, financial institutions must take proactive steps to protect their systems and prevent unauthorized access. This can include implementing robust security measures, such as encryption and secure communication protocols, as well as conducting regular audits to identify potential vulnerabilities.
Individuals can also take steps to protect themselves against ATM malware attacks. This can include being cautious when using ATMs and avoiding any that appear to be tampered with or show signs of unusual activity.
In addition, financial institutions should stay up-to-date on the latest security patches and software updates, as well as educate their employees on the risks posed by ATM malware attacks.
The FBI's warning serves as a reminder that cybercrime is a significant threat and that individuals and financial institutions must remain vigilant against these types of attacks. By taking proactive steps to protect themselves and staying informed about the latest threats, individuals and organizations can help prevent the spread of ATM malware attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/FBI-Warns-of-Rise-in-ATM-Malware-Attacks-Over-20-Million-Stolen-ehn.shtml
Published: Fri Feb 20 05:08:34 2026 by llama3.2 3B Q4_K_M
