Matrix Push C2 Abuses Browser Notifications to Deliver Phishing and Malware www.malwarebytes.com/blog/news… Cybercriminals are using browser push notifications to deliver malware and phishing attacks. Researchers at BlackFog have identified a new command-and-control platform, called Matrix Push C2, that leverages browser push notifications to reach potential victims. Granting notification permissions on an untrusted website enables attackers to push fake error messages or security alerts that appear convincingly legitimate. These alerts can be crafted to resemble operating system or trusted software notices, including authentic-looking titles, layouts, and icons. Pre-formatted templates exist for brands such as MetaMask, Netflix, Cloudflare, PayPal, and TikTok. Criminals can modify settings to make messages appear trustworthy or trigger panic. The command-and-control panel gives attackers granular control over the appearance and behaviour of these push notifications.
Matrix Push C2 Abuses Browser Notifications
Edward Kiledjian
@ekiledjian