
A new command-and-control (C2) platform called Matrix Push C2 has been found exploiting browser notifications to carry out cross-platform phishing attacks. This technique is considered dangerous because it is fileless and capable of operating on Windows, macOS, Android, and even Linux.
According to a report from BlackFog, Matrix Push C2 uses fake notifications, pop-ups, and redirect links to deliver malicious URLs to victims.
How the Matrix Push C2 Attack Works
First, the victim is prompted to allow notifications from a malicious website or from a legitimate site that has been compromised. Once permission is granted, the attacker can send fake notifications that appear to be system messages or official browser messages.
The notifications usually contain messages such as:
- suspicious login
- security update
- browser update
After the victim clicks a button such as Verify or Update, they are directed to a phishing site.
Why Is This Technique Dangerous?
There are three main reasons:
- the attack occurs directly in the browser
- it does not require malware installation
- it is cross-platform
Thus, almost any device can become a target as long as notifications are enabled.
Sold as a Service
In addition, Matrix Push C2 is sold as malware-as-a-service (MaaS) through Telegram and cybercrime forums. Its subscription packages start at around USD 150 per month.
The platform’s dashboard allows attackers to:
- send phishing notifications
- monitor victims in real time
- create phishing short links
- analyze campaigns
- view browser extensions, including crypto wallets
Target Brands in Notifications
The available phishing templates include popular brands such as:
- MetaMask
- Netflix
- PayPal
- TikTok
- Cloudflare
As a result, it is difficult for victims to distinguish between genuine and fake messages.
Conclusion
Matrix Push C2 demonstrates a shift in attackers’ strategies for gaining initial access. Once a victim has been compromised, attackers can:
- steal credentials
- drain crypto wallets
- install additional malware
- collect personal data
For this reason, users should be cautious when granting browser notification permissions.
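One way to check which sites already hold that permission is sketched below. This is an added example, not code from the BlackFog report or the original article. It assumes the Chromium profile Preferences JSON layout (profile.content_settings.exceptions.notifications, where setting 1 means allow and last_modified is microseconds since 1601-01-01); the sample data and the approved-origin list are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # assumed Chromium content-setting value: 1 = allow, 2 = block

# Constructed sample of a Chromium profile "Preferences" file (not real data).
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://mail.example.com:443,*": {"last_modified": "13390000000000000", "setting": 1},
  "https://update-check.example.net:443,*": {"last_modified": "13395000000000000", "setting": 1},
  "https://ads.example.org:443,*": {"last_modified": "13380000000000000", "setting": 2}
}}}}}
""")

def webkit_to_utc(value):
    """Convert microseconds since 1601-01-01 (Chromium timestamp) to a UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(value))

def audit_notification_grants(prefs, approved_origins):
    """Return origins that may send notifications but are not on the approved list."""
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    findings = []
    for pattern, meta in entries.items():
        if meta.get("setting") != ALLOW:
            continue  # blocked or default: the site cannot push notifications
        origin = pattern.split(",", 1)[0]  # key is "<origin>,<embedder pattern>"
        if origin in approved_origins:
            continue
        granted = meta.get("last_modified")
        findings.append({
            "origin": origin,
            "granted_utc": webkit_to_utc(granted).isoformat() if granted else None,
        })
    # Most recent grants first: these are the ones to review and revoke first.
    return sorted(findings, key=lambda f: f["granted_utc"] or "", reverse=True)

if __name__ == "__main__":
    approved = {"https://mail.example.com:443"}  # hypothetical organization allowlist
    for finding in audit_notification_grants(SAMPLE_PREFS, approved):
        print(finding["granted_utc"], finding["origin"])
```

To audit a real profile, load the Preferences file from the browser's profile directory with json.load in place of SAMPLE_PREFS; any origin the script reports can be revoked in the browser's site settings.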
Source: https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html
