Experts spotted a Java ATM malware that relies on the XFS (eXtensions for Financial Services) API to jackpot the infected machine. The malware makes extensive use of Java Instrumentation techniques to manipulate the control flow of legitimate Java-based ATM management software. It deploys an HTTP server that acts as an interface between the attacker and the ATM under attack. In the following figure it is possible to see a hardcoded IP address, 150.100.248[.]18, which will be used later.
Source: https://securityaffairs.co/wordpress/89125/malware/java-atm-malware.html

