After many years as a Facebook user, yesterday I deactivated my Facebook account. I also deleted my Instagram, but in fact I never used it. The people at Twitter had blocked my Twitter account, so now if you want to talk to me you have to send me an email or call me on the … Continue reading I deactivated my Facebook account
Business breakfast with fraud
Looking at what ends up in the Matrix network, I noticed a kit that targets Kraken customers. As usual, the victim is frightened with an alleged compromise of their account. The interesting aspect of this kit is that instead of asking the victim to enter their wallet details, the application suggests that the victim schedule … Continue reading Business breakfast with fraud
Why aren’t criminals’ email accounts closed?
I have less and less free time; nevertheless, I try to dedicate at least a couple of hours every week to the analysis of the Matrix evidence. I dedicate some time to the analysis of phishing kits and to the sharing of the email and Telegram token indicators on my public ioc repo: https://github.com/ecarlesi/ioc.git From this … Continue reading Why aren’t criminals’ email accounts closed?
Phishing against Kraken
At the end of a pretty busy day, I finally found a few minutes to check out the incoming notifications from Matrix. I noticed a kit that targets Kraken customers because their icon reminds me of the ghost from Pacman, and just today I got the vintage Pacman console 🙂 The domain used for the … Continue reading Phishing against Kraken
Attack against Correios
This morning I came across a kit aimed at Brazilian taxpayers. The domain used for the attack is consultarencomeda[.]online. The attack is currently in its initial phase: the domain was registered a few hours ago and the kit was copied to the hosting. Matrix intercepted these two activities, analyzed the archive containing the kit and … Continue reading Attack against Correios
An update on the Matrix project
Since Matrix has had its own blog for some time now, I'll just post the reference here. In this article I'll tell you about my experience with Elasticsearch and how one of its instances became part of Matrix. https://matrixproject.info/2024/12/14/lucene-has-finally-arrived-thanks-to-elastricsearch/
Another source of malware
One of the features of Matrix is the monitoring of some resources that are detected as suspicious. This monitoring is useful to identify threats like the one I am writing about. An hour ago Matrix reported the site file-share-transfer[.]com as "opendir" because there was no content inside. A few minutes ago, however, the component … Continue reading Another source of malware
Script kiddie in action
Today I was analyzing some phishing kits collected by Matrix and this one struck me. First of all for the continuous duplication of code: there are ten files with practically the same code with minor changes; he could have made a function… but unfortunately he is an idiot and so I come to the climax of the … Continue reading Script kiddie in action
PostNL phishing kit (with video tutorial)
I recently came across this kit that targets PostNL customers. The kit is currently still online. Technically it's not that great, the usual crap written badly in PHP; what I found funny was the "license". User agreement: Block on all RU machines (RU header). The product is supplied "as is", the functionality is in the product description. The author does not … Continue reading PostNL phishing kit (with video tutorial)
Tale of a scam
This morning I dedicated half an hour to understanding something more about a scam that I had understood to be a scam without ever having seen it in action. I'll start with a shortened link I received. A page opens with the graphics of a well-known Italian newspaper (La Repubblica) presenting a series of articles … Continue reading Tale of a scam








