Skip to main content
  1. Home
  2. Computing
  3. Business
  4. Emerging Tech
  5. News

Secret Service warns of ‘jackpotting’ hackers targeting ATMs in the U.S.

Add as a preferred source on Google

Hackers targeting ATMs are usually relatively subtle. Sometimes they install a “skimmer” that collects hundreds of customer PINs that can be used to drain accounts remotely, or fraudulent cards that bypass security measures and dispense hundreds of dollars, even when there’s no money in the account.

But what if you could make an ATM simply spew out all the cash it had in a matter of seconds?

Recommended Videos

These types of attacks are known as “jackpotting,” and government officials are quietly warning ATM manufacturers and financial institutions that jackpotting hackers have been spotted targeting cash machines here in the U.S.

According to a Secret Service memo obtained by Krebs on Security, the agency has received information that cybercriminals are planning to use “cash-out crews” to target ATMs manufactured by Diebold Nixdorf. It cites a series of thefts over the past ten days and warn of possible upcoming attacks across the country.

“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” stated the alert. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.”

The Secret Service alert says that criminals can use an endoscope — a device usually inserted into the human body during medical procedures — to look inside the ATM and find a place to connect their laptop to the internal mechanism.

Once connected, the criminals use a jackpotting malware program called Ploutus.D to remotely control the machine. “In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” said the memo. The ATM is then emptied of cash in a matter of minutes.

The security firm FireEye first reported on Plotus attacks back in 2013 in Mexico, calling it a “technique that had never been seen before.”

If confirmed, these would be the first “jackpotting” attacks in the U.S. The Russian cyber firm Group IB previously reported similar attacks in Europe in 2016, as well as ATMs targeted in Thailand and Taiwan.

The ATM manufacturer confirmed to Reuters that it also issued a warning to banks and financial firms, but a Diebold Nixdorf spokesman declined to comment further or go into any detail about specific banks that had been targeted or how much cash had been lost.

Mark Austin
Former Digital Trends Contributor
Mark’s first encounter with high-tech was a TRS-80. He spent 20 years working for Nintendo and Xbox as a writer and…
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more
Canva Code 2.0 just made vibe coding way less intimidating for everyone
Canva Code 2.0 feature

Coding used to be reserved for developers who spent years learning complex languages. That has slowly changed with vibe coding, which lets you build apps and websites using simple, plain-language prompts. 

The problem is that most of these tools still feel intimidating for regular folks, as they still need to understand the code to make any meaningful changes. If not, everything you make tends to look the same.

Read more
Windows users can finally pick when updates stop with Microsoft’s latest patch
From pausing updates on your own schedule to rolling back a broken PC in one click, here's everything new in Windows 11's July 2026 update.
Windows 11 Laptop

Patch Tuesday updates are usually a shrug-and-install affair, but Microsoft's July 2026 release actually gives you something to be excited about.

You can grab this update, tagged KB5101650, right now through Settings, or manually via the Microsoft Update Catalog if you'd rather not wait for it to roll out.

Read more