Numerous tools have been integrated into FBot which overlaps with the Legion cloud information-stealing malware including a port scanner, IP address generator, AWS API Key Generator, AWS EC2 Checker, and Mass AWS Checker, as well as an email validator and Twilio- and Sengrid-specific utilities, to facilitate AWS account hijacking and credential harvesting activities, according to a report from SentinelOne's SentinelLabs. WordPress and other content management systems, as well as Larevel applications, could also be compromised by FBot, which is also available as a Windows executable. Such findings indicate the significant threat posed by the malware, which should prompt increased cloud and payment security through multi-factor authentication and alerts for suspicious cloud activity, noted researchers. "Create alerts that notify security operations teams when a new AWS user account is added to the organization, as well as alerts for new identities added or major configuration changes to SaaS bulk mailing applications where possible," researchers added.