Brain Food Botnet

Proofpoint researchers discovered a new botnet spreading via phishing emails, dubbed “Brain Food,” that has infected over 5,000 websites in the last four months, with over 2,400 of those sites showing activity in the last week. These emails typically contain a shortened URL and may be sent from a spoofed email impersonating someone known to the victim. The link redirects the user to a website containing an article about a miracle weight loss pill, using stolen branding to make the website appear as a legitimate source. In the background of the website, a malicious PHP script runs and sends system information to the C2 server and contains a backdoor that could allow a threat actor to perform remote code execution on an infected system. The NJCCIC recommends reviewing the Proofpoint report and educating end users about this and similar threats and reminding them never to click on links delivered in unexpected or unsolicited emails. Users who receive unexpected or unsolicited email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. If any end users have taken action on emails from this campaign, isolate the affected system from the network immediately and perform a full system scan using a reputable anti-malware solution.