Security researchers at SentinelOne have identified a new Python-based hacking tool called FBot being used by cybercriminals. FBot is capable of credential harvesting for spamming attacks, AWS account hijacking, and enabling attacks against PayPal and various SaaS accounts. The tool has a smaller footprint compared to similar tools, suggesting possible private development and a more targeted distribution approach. FBot targets web servers, cloud services, and SaaS technologies such as AWS, Office365, PayPal, Sendgrid, and Twilio. Additionally, it includes features for spamming attacks, an IP address generator, a port scanner, and email validation using an Indonesian technology service provider. SentinelOne recommends enabling multi-factor authentication for AWS services and setting up alerts for new AWS user accounts and major configuration changes to SaaS bulk mailing applications.
Read more: https://www.securityweek.com/researchers-flag-fbot-hacking-tool-hijacking-cloud-payment-services/