Malicious Emails Spreading via “Brain Food” Botnet
A botnet, dubbed “Brain Food,” has infected thousands of websites over the last few months and is spreading via spam emails. These emails typically contain a shortened URL and may be sent from a spoofed email impersonating someone known to the victim. The link redirects the user to a compromised website that often contains an article about a miracle weight loss or intelligence-boosting pill, using stolen branding to make the website appear to be a legitimate source. In the background of the website, a malicious PHP script runs, sends system information to its command-and-control (C2) server, and may install a backdoor that could allow a threat actor to perform remote code execution on the infected system.

The NJCCIC recommends reviewing the Proofpoint report on Brain Food, educating end users about this and similar threats, and reminding them never to click on links delivered in unexpected or unsolicited emails. Users who receive unexpected email requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. If any end users have acted on emails from this campaign, isolate the affected system from the network immediately and perform a full system scan using a reputable anti-malware solution.