Skip to main content

Secret Service warns of ‘jackpotting’ hackers targeting ATMs in the U.S.

Hackers targeting ATMs are usually relatively subtle. Sometimes they install a “skimmer” that collects hundreds of customer PINs that can be used to drain accounts remotely, or fraudulent cards that bypass security measures and dispense hundreds of dollars, even when there’s no money in the account.

But what if you could make an ATM simply spew out all the cash it had in a matter of seconds?

These types of attacks are known as “jackpotting,” and government officials are quietly warning ATM manufacturers and financial institutions that jackpotting hackers have been spotted targeting cash machines here in the U.S.

According to a Secret Service memo obtained by Krebs on Security, the agency has received information that cybercriminals are planning to use “cash-out crews” to target ATMs manufactured by Diebold Nixdorf. It cites a series of thefts over the past ten days and warn of possible upcoming attacks across the country.

“The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” stated the alert. “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.”

The Secret Service alert says that criminals can use an endoscope — a device usually inserted into the human body during medical procedures — to look inside the ATM and find a place to connect their laptop to the internal mechanism.

Once connected, the criminals use a jackpotting malware program called Ploutus.D to remotely control the machine. “In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds,” said the memo. The ATM is then emptied of cash in a matter of minutes.

The security firm FireEye first reported on Plotus attacks back in 2013 in Mexico, calling it a “technique that had never been seen before.”

If confirmed, these would be the first “jackpotting” attacks in the U.S. The Russian cyber firm Group IB previously reported similar attacks in Europe in 2016, as well as ATMs targeted in Thailand and Taiwan.

The ATM manufacturer confirmed to Reuters that it also issued a warning to banks and financial firms, but a Diebold Nixdorf spokesman declined to comment further or go into any detail about specific banks that had been targeted or how much cash had been lost.

Editors' Recommendations

This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more
Hackers found a way to access Gmail, Outlook, and Yahoo inboxes
how why email inbox to do app gmail

Iranian state-sponsored hackers have discovered ways to infiltrate the Gmail, Yahoo, and Outlook inboxes of at least two dozen high-profile users and download their content, according to a report from the Google Threat Analysis Group (TAG).

The government-backed group known as Charming Kitten originally developed a hacking tool called Hyperscape in 2020 and has used it to orchestrate the recent cyberattacks. TAG was able to get a hold of a version of this tool for analysis, TechRadar reported.

Read more
North Korean hackers are targeting crypto workers
A hand on a laptop in a dark surrounding.

Hackers believed to be associated with the North Korean-based cybercriminal group Lazarus have attempted yet another digital heist by targeting cryptocurrency firm deBridge Finance.

As reported by Bleeping Computer, deBridge operates as a “liquidity transfer protocol that allows decentralized transfer of data and assets” between multiple blockchain platforms.

Read more