A new malicious agent, named, is causing considerable concern FBotwhich is targeting cloud and payment services.
The malware, identified following a search for SentinelLabs, is based on the Python programming language and in the wrong hands it can be devastating. Hackers, in fact, by exploiting FBot are able to manipulate services such as Amazon Web Services (AWS), Office365 e PayPalcausing extensive damage to victims.
Compared to other similar malware (such as AlienFox, Predator, Greenbot e Legion) this does not incorporate the codice Androxgh0stan industry-wide credential scraping module.
FBot focuses mainly on services SaaS e Web, presenting a secondary focus also on account protection systems, trying to implement massive spam attacks. Once a hacker uses the malware and gains initial access, he can freely perform transactions and other invasive operations.
FBot: Infostealer is a real threat to AWS and PayPal
The malware we are talking about has several fearsome features. In addition to the ability to collect credentialswe are talking about tools specifically designed to hijack AWS and PayPal accounts.
SentinelLabs detected samples from July 2022 to January 2024, indicating that the operation is still ongoing. Despite the large time frame examined, there are few noticeable changes between FBot versions to date, with experts still not knowing whether cybercriminals are engaging in development or the malware is now considered “complete.”
As for distribution channels, this infostealer stands out from other similar ones. We don’t talk about Telegramlike many similar cases, but of other types of distribution, with smaller and more difficult to identify operations.
Experts at SentinelLabs have urged organizations to adopt multi-factor authentication (MFA), especially in the AWS context. Keeping company staff updated on cyber threats is another way to avoid potential infections of this type.