FBot is a Python-based hacking toolkit, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. FBot's primary purpose is to enable actors to hijack cloud, SaaS, and web services, with a secondary focus on acquiring accounts for spamming attacks.
Several malware families and toolkits, such as AlienFox, Greenbot, Legion, and Predator, leverage a common credential scraping module known as Androxgh0st. In this context, a distinct tool named FBot has been identified. FBot, a Python-based attack tool, can target web servers, cloud services, and Software-as-a-Service (SaaS) technologies, including Amazon Web Services (AWS), Office365, PayPal, Sendgrid, and Twilio. What sets FBot apart is that it does not appear to adapt the Androxgh0st code, even though its earliest reference is one year more recent than the first appearance of Androxgh0st. Nevertheless, there are notable connections to the Legion cloud infostealer, suggesting that the Legion maintainer may have integrated code from FBot into their tool.
FBot provides various utilities, including an IP address generator, a port scanner, and an email validator function that relies on an Indonesian technology service provider to validate email addresses.