Criminals are phishing people with a fake NACHA electronic payment notification; the link in the email redirects to a compromised page hosted on the website of the Embassy of Belize in Guatemala:
That page loads an obfuscated script that pulls in the exploit code:
At the time of writing, this script was not detected by a single antivirus engine on VirusTotal (0/42). That is less surprising than it sounds: VirusTotal scans the file statically, and an obfuscated loader keeps its real payload hidden until it runs. Running it through Malzilla, however, de-obfuscates the code and shows what it really does:
The de-obfuscated code writes an iframe pointing to a landing page that serves multiple exploits:
synergyledlighting.net/main.php?page=4e4959105994cf84
This landing page also happens to belong to a BlackHole exploit kit:
BlackHole is an exploit toolkit that serves drive-by downloads. Through its admin panel, the operator can view statistics such as the number of hosts infected per country, operating system, etc.
If you want to dig deeper, here is a list of the files found on this BlackHole server:
Jerome Segura