Kenyan’s business website use by attackers for credential harvesting of Chinese EMS Customers.
Attackers are leveraging this Kenyan’s business website to harvest credentials of Chinese EMS customer. The said company is focused on design, engineering and supply of electromechnical solutions with head office located in Nairobi Kenya. Below is the website’s homepage
Compromise page sitting on the website is as shown below
Further analysis of the emss.php shows it is a phishing trojan as detected below.
Some line of code …
Leave a Reply