The Federal Bureau of Investigation (FBI) has issued a critical alert regarding a surge in cyber-attacks on ATMs across the United States. On February 19, 2026, the FBI released a FLASH alert highlighting the widespread use of Ploutus malware, which allows criminals to exploit software vulnerabilities and gain unauthorized access to ATMs, leading to significant financial losses.
Ploutus Malware: A Growing Threat
Ploutus has emerged as a significant threat to financial institutions, targeting the eXtensions for Financial Services (XFS), a critical software component in ATMs. This malware enables attackers to bypass the usual authorization process that verifies transactions with banks, allowing unauthorized cash withdrawals.
According to FBI analysts, there were over 700 incidents of such ‘jackpotting’ in 2025 alone, resulting in losses exceeding $20 million. These attacks represent a departure from traditional card data theft, as they involve directly manipulating the ATM hardware to dispense cash without the need for a bank card or account.
How Ploutus Operates
Attackers gain access to the ATM’s internal systems by physically opening the machine, often with generic keys. Once inside, they can either install the malware directly onto the hard drive or replace the drive with a compromised one. The malware operates through XFS, enabling it to interact with the hardware even when the ATM is offline.
Experts recommend vigilance for signs of infection, such as unexpected executable files or unauthorized remote access tools. The malware often uses common names for its services to avoid detection, making it crucial for ATM operators to monitor for anomalies rigorously.
Preventative Measures and Recommendations
The FBI emphasizes the importance of robust security measures to safeguard ATMs against Ploutus. Recommended actions include upgrading standard locks, installing tamper-evident sensors, and enhancing camera surveillance. In addition, enabling disk encryption and implementing hardware device whitelisting can provide further protection.
Regular validation of ATM software against a trusted gold image, along with targeted Windows auditing, is advised. These steps can help detect unauthorized activities, such as USB insertions and file modifications. Any suspected incidents of jackpotting should be promptly reported to local FBI offices or the Internet Crime Complaint Center (IC3).
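The gold-image validation described above can be sketched as a hash-manifest comparison. This is an added example, not code from the FBI alert; the function names, the extension list and the sample file trees are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: extensions treated as executable content on a Windows-based ATM.
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".bat", ".cmd", ".ps1")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path (lowercased, '/' separators) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def compare_to_gold(gold, current):
    """Report how a deployed image has drifted from the gold manifest."""
    out = {"modified": [], "missing": [], "unexpected": [], "unexpected_executables": []}
    for rel, digest in gold.items():
        if rel not in current:
            out["missing"].append(rel)
        elif current[rel] != digest:
            out["modified"].append(rel)
    for rel in current.keys() - gold.keys():
        out["unexpected"].append(rel)
        if rel.endswith(EXECUTABLE_EXTS):
            out["unexpected_executables"].append(rel)
    return {k: sorted(v) for k, v in out.items()}

def demo():
    """Constructed sample: a gold tree and a deployed tree that has drifted from it."""
    def write_tree(root, files):
        for rel, data in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
    with tempfile.TemporaryDirectory() as gold, tempfile.TemporaryDirectory() as live:
        write_tree(gold, {"app/atm.exe": b"v1", "app/xfs.dll": b"v1", "cfg/atm.ini": b"a=1"})
        write_tree(live, {"app/atm.exe": b"v1", "app/xfs.dll": b"patched",
                          "app/Updater.EXE": b"new", "logs/run.log": b"ok"})
        return compare_to_gold(build_manifest(gold), build_manifest(live))

if __name__ == "__main__":
    print(demo())
```

Build the gold manifest from the trusted image and store it off the ATM, since a manifest kept on the machine being checked can be altered along with the files it describes.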
