The SentinelOne article, written by Alex Delamotte and published on January 11, 2024, discusses FBot, a Python-based malware targeting cloud and payment services. FBot is distinct from other malware, not using the common Androxgh0st code, but it resembles the Legion cloud infostealer in function and design. It focuses on credential harvesting and account hijacking, particularly targeting AWS, Office365, PayPal, Sendgrid, and Twilio. FBot’s small footprint suggests private development and targeted distribution, differing from other cloud infostealers sold on platforms like Telegram. The article emphasizes the importance of multi-factor authentication and alerts for new AWS user accounts to mitigate risks.
For more detailed information, you can read the full article by Alex Delamotte on SentinelOne’s website: Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services.