Matrix Push C2 browser push notification malware delivery
Malware Activity
Summary
The Matrix Push C2 platform is abusing browser push notifications to deliver fake alerts and steer victims to malicious sites, expanding malware delivery across Windows, Mac, Linux, Android, and more. It also lets operators watch infected browsers in real time, making the abuse more dangerous than a simple phishing lure. The activity matters because the channel is described as fileless and can evade suspicion by using a normal browser feature.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Torg Grabber browser-extension theft activity
Malware Activity
First: 25.03.2026 20:32
Last: 25.03.2026 20:32
Sources 1
About this happening:
The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Timeline
20.11.2025 02:00 2 articles · 6mo ago
Matrix Push C2 browser notification abuse disclosed
Initial Disclosure
BlackFog disclosed Matrix Push C2, a newly discovered command-and-control platform that abuses the web browser push notification system to deliver fake system and security alerts, redirect victims to phishing pages or malware downloads, and monitor infected browsers in real time. The platform uses a web-based dashboard, configurable templates that mimic brands such as MetaMask, Netflix, Cloudflare, PayPal, and TikTok, short redirect URLs, and a fileless browser-based workflow that works across Windows, Mac, Linux, Android, and other browser-equipped devices. BlackFog recommended anti data exfiltration (ADX) technology to block outbound traffic.
- Cybercriminals Exploit Browser Push Notifications to Deliver Malware — www.infosecurity-magazine.com — 21.11.2025 17:45
- Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks — thehackernews.com — 22.11.2025 08:47