Brain Food is a PHP script botnet, discovered by Proofpoint researchers, that spreads through phishing campaigns and has already compromised over 5,000 websites. The threat actor sends the victim a spam email containing a shortened URL. After the link is clicked, the victim is redirected to a landing page that advertises diet pills, using stolen branding to make the website appear legitimate. The page attempts to trick users into providing PII to the threat actors. The malicious PHP script runs in the background of the website and goes unnoticed by anti-virus/anti-malware engines because of its polymorphic nature and obfuscated code. In addition to stealing information, the malware contains a backdoor that could allow the threat actor to perform remote code execution on infected web servers.
Reporting and Technical Details:
May 2018: Brain Food botnet gives website operators heartburn (Proofpoint)
Image source: SC Magazine