Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services

Executive Summary

• FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio.


• FBot does not utilize the widely-used Androxgh0st code but shares similarities with the Legion cloud infostealer in functionality and design.


• Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts.


• FBot is characterized by a smaller footprint compared …

aws cloud cloud malware cloud services code design executive families hacking hacking tool infostealer key legion malware malware analysis office365 payment paypal platforms python saas servers services targeting the legion tool twilio web web servers