ATM Malware



The below list is not exhaustive and is meant to provide an overview of the most prevalent ATM malware variants impacting US victims. This page is updated regularly with new information.

What is ATM Malware?

ATM malware is malicious software designed to compromise automated teller machines (ATMs) by exploiting vulnerabilities in the machine’s hardware or software. ATM malware is used to commit a crime known as “jackpotting” in which attackers install malware that forces ATMs to dispense large amounts of cash on command. ATM malware can also be used to steal financial information captured at ATM terminals, such as payment card numbers and PIN codes.

how are ATMs infected?

The installation of ATM malware typically requires physical access to an ATM via the machine’s USB port or CD-ROM drive. However, some advanced attacks involve compromising the bank’s internal network in order to install malware on ATM machines without physical access.


  • Keep device hardware and software updated with the latest version and patches.
  • Limit network and physical access to an ATM’s ports.
  • Secure the head compartment of the ATM using appropriate locking mechanisms.

  • Implement access control for service technicians based on multi-factor authentication.

  • Monitor access to ATM machines and report suspicious activity to your local police department as soon as possible.

incident reporting

If you or your organization is the victim of an ATM malware infection, please report it to the NJCCIC using the Cyber Incident Reporting form on our website. Victims can also report incidents via email at or phone at 609.963-6900 extension 7865..