Kenyan business website used by attackers for credential harvesting of Chinese EMS customers.

Attackers are leveraging this Kenyan business website to harvest the credentials of Chinese EMS customers. The company focuses on the design, engineering and supply of electromechanical solutions, with its head office located in Nairobi, Kenya. Below is the website’s homepage.

Website HomePage

The compromised page sitting on the website is shown below.

Compromised Page Running emss.php file.

Block Page by an EDR

Further analysis of emss.php shows it is a phishing trojan, as detected below.

Some lines of code …
