Most ATMs are running on Windows XP operating system, which is highly vulnerable to Malware attacks. Some ATMs also have USB sockets which is hidden behind the fascia. Malware allows thieves to create a unique interface on the ATMs by typing in a 12-digit code. This interface allowed for withdrawal and showed the amount of money and each bill denomination inside the machines. The malware does not appear to harvest customer PINs or other sensitive data. Some banks have upgraded ATMs to prevent them from booting from external USB drives.
Source: https://thehackernews.com/2014/01/hacking-ATM-machine-Malware-USB-Drive.html