ATM Jackpotting Goes Global as Hackers Use Malware to Empty Cash Machines

North Korean Hackers Weaponize Developer Tools to Turn Code Workflows Into Malware Delivery Channels

ATM Jackpotting Goes Global as Hackers Use Malware to Empty Cash Machines

Dozens of suspects face charges after investigators uncover a coordinated malware campaign that forced ATMs to dispense cash on demand.

A large-scale ATM jackpotting operation has been exposed after investigators uncovered a coordinated campaign that used malware to remotely control ATM machines and drain cash.

Authorities have now expanded the case, charging dozens of additional individuals connected to a transnational criminal network that blended physical access with cyber techniques to steal millions from financial institutions.

How the ATM Jackpotting Attacks Worked

The attackers relied on Ploutus malware, a well-known ATM threat that enables direct control over cash-dispensing functions.

According to investigators, the operation followed a repeatable playbook:

Attackers opened ATM housings after hours
Malware was installed via hard drive replacement or USB devices
Alarm responses were monitored before activation
The malware forced ATMs to dispense cash continuously
Logs and evidence were deleted to slow detection

This approach allowed rapid theft while minimizing on-site time.

Organized Cybercrime Meets Physical Access

Many of the accused individuals are linked to Tren de Aragua, a criminal network that has expanded from traditional crime into technology-enabled financial attacks.

Investigators say the group used malware expertise, coordination, and money-laundering networks to scale the operation across multiple banking environments.

Why ATM Jackpotting Remains Effective

Despite modern banking defenses, ATM jackpotting continues to succeed because:

Many ATMs still run legacy operating systems
Physical access controls remain inconsistent
Malware can operate offline, bypassing network security
Detection often occurs after cash is already gone

Once installed, jackpotting malware turns an ATM into a cash vending machine for attackers.

Financial Impact and Legal Fallout

Prosecutors allege that:

Millions in cash were stolen
Proceeds were split using predefined sharing rules
Funds were moved internally to launder profits

In total, 87 individuals have now been charged, with potential prison sentences ranging from decades to life imprisonment if convicted.

What This Means for Banks and ATM Operators

This case reinforces a growing reality:

Cyber threats are no longer purely digital
Physical access + malware = high-impact financial loss
ATM security must include tamper detection, behavioral monitoring, and rapid response

Institutions that treat ATMs as legacy infrastructure rather than critical cyber assets remain exposed.

Over 20,000 Instagram Accounts Hijacked Through Meta AI Support Flaw

Nottingham University Data Breach Exposes Records of More Than 450,000 Students

DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Infrastructure

North Korean Hackers Weaponize Developer Tools to Turn Code Workflows Into Malware Delivery Channels

Anthropic Unveils Claude Fable 5 with Built-In Cyber Safeguards as AI Security Enters a New Era

ATHR AI Vishing Platform Automates Voice Phishing at Scale

How Modern Businesses Can Measure Cyber Risk in Financial and Operational Terms Instead of Technical Guesswork

What Is Wiper Malware in Cybersecurity? Understanding One of the Most Destructive Types of Cyber Attacks

Why Delaying Software Updates Can Put Your Entire Digital Security at Risk

How Attackers Abuse Legitimate Windows Tools: Understanding LOLBins and Living-Off-the-Land Attacks

Brave Launches Paid ‘Origin’ Browser for Users Seeking a Cleaner, Privacy-First Experience

Apple Blocks $11 Billion in App Store Fraud as Mobile Threats Continue to Rise

ATM Jackpotting Goes Global as Hackers Use Malware to Empty Cash Machines