While simple in its core functionality, WinPot -- named internally by Kaspersky as ATMPot -- is designed to compromise the ATMs of an unnamed but popular vendor and force these machines to empty their cassettes of all funds. Time has been spent on making the interface look like a slot machine, which is most likely a reference to "ATM jackpotting" -- a term used to describe the compromise of ATMs themselves. WinPot displays similarities to Cutlet Maker, malware which needs to be loaded onto a flash drive and plugged into a USB port on in an ATM, made accessible through drilling. Once loaded, the malicious code cracks the system while a simulator finds ATM cassettes and mimics transactions to force the machine to dispense its available funds. While many forms of ATM malware have the same core functionality -- given the rather basic, unsophisticated systems in which cash dispensers generally operate -- threat actors are continually innovating to overcome barriers designed to slowly improve the security posture of ATMs. The former will block the USB path of implanting the malware directly into the ATM PC, while the latter will prevent execution of unauthorized software on it."