Tools like the Ploutus family are often used to override the machine's software. By bypassing bank authorizations, the malware sends a direct command through the XFS (eXtensions for Financial Services) layer—the software that physically tells the machine to move its gears and dispense bills.

Why It Surged in 2022
The uptick in these "logical attacks" around 2022 was driven by several factors:
Jackpotting is a high-tech heist where criminals take physical control of an ATM to force it to "spit out" all its cash. Unlike traditional skimming, which steals your personal data, jackpotting targets the bank's own money directly by manipulating the machine's "brain".

The "Grinder and Computer" Technique
In 2022, law enforcement and security firms noted a shift in how these attacks were carried out, often involving a mix of heavy tools and specialized tech:
Many machines still ran on outdated operating systems like Windows XP or Windows 7, which have known vulnerabilities that hackers can exploit once they have physical access.
Once they reach the internal electronics, they use a laptop or a "black box" (like a Raspberry Pi) to connect directly to the ATM's cash dispenser.