A new botnet called ‘Brain Food’ has been compromising websites using WordPress and Joomla content management systems.
Brain Food consists of a malicious PHP script found on over 5,000 compromised websites in the past four months, according to Proofpoint security researchers. The botnet was so named after the stolen branding of diet and intelligence boosting pills featured on TV shows such as Shark Tank and Entertainment Today.
“Brain Food is usually the second step in a chain of redirections, with the first being a URL shortener link in spam. In the past week, we have detected over 7,300 distinct URL shortener links used by this spammer, of which 55% were goo.gl links and 45% used bit.ly,” Proofpoint said.
Proofpoint further warned that there are still over 2,400 websites that show the malicious activity in the past several days. Nearly 40% of the compromised sites are on five hosted platforms, such as Go-Daddy and others.