Overview
- Since 2020, about 1,900 jackpotting incidents have been reported in the U.S., with more than 700 in 2025 alone, the FBI says.
- Criminals commonly use generic maintenance keys to open ATM cabinets, then remove or swap hard drives to load malware before rebooting the machine.
- Ploutus targets the XFS layer on Windows-based ATMs to issue direct hardware commands, enabling cross-vendor cashouts without accessing customer accounts.
- The FBI alert lists digital and physical indicators of compromise and advises steps such as changing standard locks, adding sensors and cameras, enforcing allowlisting, auditing logs, and validating gold images.
- Law enforcement actions continue alongside the alert, with the Justice Department charging members of organized groups tied to large Ploutus schemes, including Tren de Aragua.