{“lastseen”:”2025-11-24T16:05:10″,”description”:”Cybercriminals are using browser push notifications to deliver malware and phishing attacks. \\n\\nResearchers at BlackFog described how a new command-and-control platform, called Matrix Push C2, uses browser push notifications to reach potential victims.\\n\\nWhen we warned back in 2019 that browser push notifications were a feature just waiting to be abused, we noted that the Notifications API allows a website or app to send notifications that are displayed outside the page at the system level. This means it lets web apps send information to a user even when they’re idle or running in the background.\\n\\nHere’s a common example of a browser push notification:\\n\\n\\n\\nThis makes it harder for users to know where the notifications come from. In this case, the responsible app is the browser and users are tricked into allowing them by the usual \u201cnotification permission prompt\u201d that you see on almost every other website.\\n\\nBut malicious prompts aren\u2019t always as straightforward as legitimate ones. As we explained in our earlier post, attackers use deceptive designs, like fake video players that claim you must click \\”**Allow** \\” to continue watching.\\n\\n\\n\\nIn reality, clicking \\”Allow\\” gives the site permission to send notifications, and often redirects you to more scam pages.\\n\\nGranting browser push notifications on the wrong website gives attackers the ability to push out fake error messages or security alerts that look frighteningly real. They can make them look as if they came from the operating system (OS) or a trusted software application, including the titles, layout, and icons. There are pre-formatted notifications available for MetaMask, Netflix, Cloudflare, PayPal, TikTok, and more.\\n\\nCriminals can adjust settings that make their messages appear trustworthy or cause panic. The Command and Control (C2) panel provides the attacker with granular control over how these push notifications appear.\\n\\nImage courtesy of BlackFog\\n\\nBut that\u2019s not all. According to the researchers, this panel provides the attacker with a high level of monitoring:\\n\\n\\u003e \u201cOne of the most prominent features of Matrix Push C2 is its active clients panel, which gives the attacker detailed information on each victim in real time. As soon as a browser is enlisted (by accepting the push notification subscription), it reports data back to the C2.\u201d\\n\\nIt allows attackers to see which notifications have been shown and which ones victims have interacted with. Overall, this allows them to see which campaigns work best on which users.\\n\\nMatrix Push C2 also includes shortcut-link management, with a built-in URL shortening service that attackers can use to create custom links for their campaign, leaving users clueless about the true destination. Until they click.\\n\\nUltimately, the end goal is often data theft or monetizing access, for example, by draining cryptocurrency wallets, or stealing personal information.\\n\\n## How to find and remove unwanted notification permissions\\n\\nA general tip that works across most browsers: If a push notification has a gear icon, clicking it will take you to the browser\u2019s notification settings, where you can block the site that sent it. If that doesn\u2019t work or you need more control, check the browser-specific instructions below.\\n\\n### Chrome\\n\\nTo completely turn off notifications, even from extensions:\\n\\n * Click the three dots button in the upper right-hand corner of the Chrome menu to enter the **Settings **menu.\\n * Select **Privacy and Security**.\\n * Click **Site settings**.\\n * Select **Notifications.**\\n * By default, the option is set to **Sites can ask to send notifications.** Change to **Don\u2019t allow sites to send notifications** if you want to block everything.\\n\\n\\n\\nFor more granular control, use **Customized behaviors**.\\n\\n * Selecting **Remove** will delete the item from the list. It will ask permission to show notifications again if you visit their site. \\n * Selecting **Block** prevents permission prompts entirely, moved them to the block list.\\n\\n\\n\\n * You can also check **Block new requests asking to allow notifications** at the bottom. \\n\\n\\n\\nIn the same menu, you can also set listed items to **Block** or **Allow** by using the drop-down menu behind each item.\\n\\n### Opera\\n\\nOpera\u2019s settings are very similar to Chrome\u2019s:\\n\\n * Open the menu by clicking the **O** in the upper left-hand corner.\\n * Go to **Settings**(on Windows)\/**Preferences**(on Mac).\\n * Click **Advanced** , then **Privacy \\u0026 security.**\\n * Under **Content settings **(desktop)\/**Site settings **(Android) select **Notifications.**\\n\\n\\n\\nOn desktop, Opera behaves the same as Chrome. On Android, you can remove items individually or in bulk.\\n\\n### Edge\\n\\nEdge is basically the same as Chrome as well:\\n\\n * Open Edge and click the three dots (\u2026) in the top-right corner, then select **Settings**.\\n * In the left-hand menu, click on **Privacy, search, and services**.\\n * Under **Sites permissions** \\u003e **All permissions** , click on **Notifications**.\\n * Turn on **Quiet notifications requests** to block all new notification requests. \\n\\n\\n\\n * Use **Customized behaviors** for more granular control.\\n\\n\\n\\n### Safari\\n\\nTo disable web push notifications in Safari, go to **Safari \\u003e Settings \\u003e Websites \\u003e Notifications** in the menu bar, select the website from the list, and change its setting to **Deny**. To stop all future requests, uncheck the box that says **Allow websites to ask for permission to send notifications** in the same window. \\n\\n#### For Mac users\\n\\n 1. Go to **Safari \\u003e Settings \\u003e Websites \\u003e Notifications**.\\n 2. Select a site and change its setting to **Deny** or **Remove**.\\n 3. To stop all future prompts, uncheck **Allow websites to ask for permission to send notifications**.\\n\\n\\n\\n#### For iPhone\/iPad users\\n\\n 1. Open **Settings**.\\n 2. Tap **Notifications**.\\n 3. Scroll to **Application Notifications** and select **Safari**.\\n 4. You\u2019ll see a list of sites with permission.\\n 5. Toggle any site to **off** to block its notifications.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on threats\u2014we help safeguard your entire digital identity**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.”,”published”:”2025-11-24T15:43:00″,”modified”:”2025-11-24T15:43:00″,”type”:”malwarebytes”,”title”:”Matrix Push C2 abuses browser notifications to deliver phishing and malware”,”source”:””,”references”:””,”id”:”MALWAREBYTES:6C98858296CD753818FE63E5899E9188″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/matrix-push-c2-abuses-browser-notifications-to-deliver-phishing-and-malware”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-24T16:05:10″,”description”:”Cybercriminals are using browser push notifications to deliver malware and phishing attacks. \\n\\nResearchers at BlackFog described how a new command-and-control platform, called Matrix Push C2,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-27420","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n