Artea and ING phishing kit
Yesterday I came back from a weekend in Latvia and now I have come across an attack on Artea, a Lithuanian bank… The Baltics are calling me 🙂 Matrix has identified a series of patterns that have allowed them to quickly identify the various domains involved: banklithuanial.net, lithuaniabankasl.net, arteasite-login.net, arteabankslogin.net, italyingbank.net. One of the sites …
Correios phishing kit
In the last few weeks I have noticed that attacks on Correios are constant. I have studied the matter a bit: it is the Brazilian state company that manages shipments and payments related to them. The scam is always the same: attackers write to users saying that a shipment is blocked and that a small …
Being a hacker
Nothing annoys me more than hearing the term "hacker" used as a synonym for "criminal". I can actually accept it from people who do something else in life. It really bothers me when this abuse comes from people who say they are cyber security professionals. I understand that in recent years everyone has become cyber …
I deactivated my Facebook account
After many years as a Facebook user, yesterday I deactivated my Facebook account. I also deleted my Instagram, but in fact I never used it. The people at Twitter had blocked my Twitter account, so now if you want to talk to me you have to send me an email or call me on the …
Business breakfast with fraud
Looking at what ends up in the Matrix network, I noticed a kit that targets Kraken customers. As usual, the victim is frightened with an alleged compromise of their account. The interesting aspect of this kit is that instead of asking the victim to enter their wallet details, the application suggests that the victim schedule …
Why aren’t criminals’ email accounts closed?
Free time is less and less; nevertheless, I try to dedicate at least a couple of hours every week to the analysis of the Matrix evidence. I dedicate some time to the analysis of phishing kits and to the sharing of the email and Telegram token indicators on my public IoC repo: https://github.com/ecarlesi/ioc.git From this …
Phishing against Kraken
At the end of a pretty busy day, I finally found a few minutes to check out the incoming notifications from Matrix. I noticed a kit that targets Kraken customers because their icon reminds me of the ghost from Pacman, and just today I got the vintage Pacman console 🙂 The domain used for the …
Attack against Correios
This morning I came across a kit aimed at Brazilian taxpayers. The domain used for the attack is consultarencomeda[.]online. The attack is currently in its initial phase: the domain was registered a few hours ago and the kit was copied to the hosting. Matrix intercepted these two activities, analyzed the archive containing the kit and …
An update on the Matrix project
Since Matrix has had its own blog for some time now, I'll just post the reference here. In this article I'll tell you about my experience with Elasticsearch and how one of its instances became part of Matrix. https://matrixproject.info/2024/12/14/lucene-has-finally-arrived-thanks-to-elastricsearch/
Another source of malware
One of the features of Matrix is monitoring of some resources that are detected as suspicious. This monitoring is useful to identify threats like this one I am writing about. An hour ago Matrix reported the site file-share-transfer[.]com as "opendir"; this is because there was no content inside. A few minutes ago, however, the component …