Cloud Security

Novel FBot malware attacks set sights on cloud, payment services

Microsoft Office 365, Amazon Web Services, PayPal, Twilio, and other cloud and software-as-a-service platforms are being targeted by the novel FBot malware based on the Python programming language, reports SiliconAngle.

FBot, which overlaps with the Legion cloud information-stealing malware, integrates numerous tools to facilitate AWS account hijacking and credential harvesting, including a port scanner, IP address generator, AWS API Key Generator, AWS EC2 Checker, and Mass AWS Checker, as well as an email validator and Twilio- and SendGrid-specific utilities, according to a report from SentinelOne's SentinelLabs. WordPress and other content management systems, as well as Laravel applications, could also be compromised by FBot, which is also available as a Windows executable. Such findings indicate the significant threat posed by the malware, which should prompt organizations to strengthen cloud and payment security through multi-factor authentication and alerts for suspicious cloud activity, noted researchers. "Create alerts that notify security operations teams when a new AWS user account is added to the organization, as well as alerts for new identities added or major configuration changes to SaaS bulk mailing applications where possible," researchers added.
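The new-AWS-user alert the researchers recommend can be built on CloudTrail IAM events. The Python below is an added example, not code from SentinelLabs or the original article; it flags each successful CreateUser call and attaches any credential or permission changes made to that user shortly afterward. The sample records, account ID, user names, and 30-minute correlation window are constructed assumptions.

```python
from datetime import datetime, timedelta

# CloudTrail IAM event names that add credentials or permissions to a user.
FOLLOW_UPS = {"CreateLoginProfile", "CreateAccessKey", "AttachUserPolicy",
              "PutUserPolicy", "AddUserToGroup"}

def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def _params(e):
    return e.get("requestParameters") or {}

def new_user_alerts(events, window=timedelta(minutes=30)):
    """One alert per successful IAM CreateUser, plus follow-ups on that user."""
    iam = sorted((e for e in events if e.get("eventSource") == "iam.amazonaws.com"
                  and "errorCode" not in e), key=_ts)  # failed calls carry errorCode
    alerts = []
    for ev in (e for e in iam if e["eventName"] == "CreateUser"):
        user, created = _params(ev).get("userName"), _ts(ev)
        follow = [f for f in iam if f["eventName"] in FOLLOW_UPS
                  and _params(f).get("userName") == user
                  and timedelta(0) <= _ts(f) - created <= window]
        admin = any(_params(f).get("policyArn", "").endswith(":policy/AdministratorAccess")
                    for f in follow)
        alerts.append({"new_user": user, "actor": ev["userIdentity"]["arn"],
                       "source_ip": ev["sourceIPAddress"],
                       "follow_ups": [f["eventName"] for f in follow],
                       "severity": "high" if admin else "medium"})
    return alerts

# Constructed sample records (not real log data), using CloudTrail's field names.
def _ev(time, name, user, params=None, **extra):
    return {"eventTime": f"2024-01-10T{time}Z", "eventSource": "iam.amazonaws.com",
            "eventName": name, "sourceIPAddress": "203.0.113.10",
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deploy"},
            "requestParameters": {"userName": user, **(params or {})}, **extra}

SAMPLE_EVENTS = [
    _ev("10:00:00", "CreateUser", "svc-backup"),
    _ev("10:01:00", "CreateAccessKey", "svc-backup"),
    _ev("10:02:00", "AttachUserPolicy", "svc-backup",
        params={"policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _ev("10:05:00", "CreateUser", "tmp", errorCode="AccessDenied"),  # failed call
    _ev("11:00:00", "CreateUser", "ci-runner"),
    _ev("12:00:00", "CreateAccessKey", "ci-runner"),  # outside the 30 min window
]

if __name__ == "__main__":
    for alert in new_user_alerts(SAMPLE_EVENTS):
        print(alert)
```

In production the same logic would typically run as a rule over CloudTrail logs delivered to a SIEM, with alerts routed to the security operations team.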
