The Federal Bureau of Investigation has issued a new cybersecurity alert warning about a growing number of malware-enabled ATM jackpotting attacks across the United States.

In a FLASH report released on February 19, 2026, the agency said more than 700 incidents were recorded in 2025 alone, contributing to over 20 million dollars in losses. Since 2020, nearly 1,900 cases have been reported nationwide.

According to the FBI, attackers are using specialized malware, including the Ploutus family, to force ATMs to dispense cash without legitimate transactions. The malware targets the machine itself rather than customer bank accounts. It exploits the eXtensions for Financial Services software layer, which controls how ATMs communicate and carry out commands. Once installed, the malware can bypass bank authorization and directly instruct the ATM to release money, often within minutes.

Investigators say criminals usually gain physical access to ATMs by opening them with generic keys that can be purchased online. In many cases, they remove the hard drive, load malware onto it using another computer, and reinstall it. Some replace the original hard drive with a preloaded one. Because many ATMs run on Windows systems, attackers can manipulate the operating system to execute unauthorized commands.

The FBI shared several indicators of compromise, including suspicious executable files such as Newage.exe, Color.exe, Levantaito.exe, and WinMonitor.exe, along with abnormal Windows registry changes and unauthorized remote access tools like TeamViewer or AnyDesk. Physical warning signs may include unexpected door openings, USB device insertions, sudden low cash levels, or machines going out of service without explanation.

To reduce risk, the FBI recommends stronger physical security measures, hardware whitelisting, disk encryption, firmware integrity checks, enhanced logging, and strict audit policies. The agency also encourages financial institutions to validate ATM systems against verified “gold image” baselines to quickly detect unauthorized changes. Organizations are urged to report suspicious activity to their local FBI field office or through the Internet Crime Complaint Center.
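The "gold image" validation and the file-name indicators above can be combined in one check. The following is an added example, not code from the FBI report or from any ATM vendor: it hashes a file tree, compares it with a manifest built from a trusted baseline, and flags the executable names listed in the alert. The function names, the manifest layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Executable names listed as indicators in the FBI FLASH report, per the article.
IOC_NAMES = {"newage.exe", "color.exe", "levantaito.exe", "winmonitor.exe"}
# Remote access tools named in the article; matched as a substring of the file name.
REMOTE_TOOLS = ("teamviewer", "anydesk")

def build_manifest(root):
    """Map each file's lower-cased relative path to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix().lower()  # Windows paths ignore case
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def base_name(rel_path):
    return rel_path.rsplit("/", 1)[-1]

def compare_to_gold(gold, current):
    """Report drift from the gold manifest plus indicator-name matches."""
    added = sorted(set(current) - set(gold))
    return {
        "added": added,
        "missing": sorted(set(gold) - set(current)),
        "modified": sorted(p for p in gold.keys() & current.keys() if gold[p] != current[p]),
        # A name match alone is a weak signal, so it is reported next to the hash drift.
        "ioc_hits": sorted(p for p in current if base_name(p) in IOC_NAMES),
        # Remote tools count only when absent from the baseline, i.e. unauthorized.
        "remote_tools": sorted(p for p in added if any(t in base_name(p) for t in REMOTE_TOOLS)),
    }

def demo():
    """Constructed sample: a gold tree and a tampered copy in temporary directories."""
    with tempfile.TemporaryDirectory() as tmp:
        gold_dir, atm_dir = Path(tmp, "gold"), Path(tmp, "atm")
        for d in (gold_dir, atm_dir):
            (d / "xfs").mkdir(parents=True)
            (d / "xfs" / "manager.dll").write_bytes(b"vendor build 1")
            (d / "app.exe").write_bytes(b"atm application")
        # Constructed tampering: one changed file, one indicator name, one remote tool.
        (atm_dir / "xfs" / "manager.dll").write_bytes(b"patched")
        (atm_dir / "Newage.exe").write_bytes(b"placeholder")
        (atm_dir / "AnyDesk.exe").write_bytes(b"placeholder")
        return compare_to_gold(build_manifest(gold_dir), build_manifest(atm_dir))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Because the attacks described involve removing or swapping the hard drive, a check like this is most useful when run against the disk from a trusted environment rather than from the ATM's own operating system.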


The alert highlights how ATM jackpotting remains a serious and evolving threat. As attackers refine their techniques, banks and ATM operators are being advised to strengthen both physical and digital defenses to prevent fast cash-out operations that can cause significant financial damage.
