Matrix Push C2 browser push notification malware delivery
Malware Activity
Summary
Hide ▲
Show ▼
The Matrix Push C2 platform is abusing browser push notifications to deliver fake alerts and steer victims to malicious sites, expanding malware delivery across Windows, Mac, Linux, Android, and more. It also lets operators watch infected browsers in real time, making the abuse more dangerous than a simple phishing lure. The activity matters because the channel is described as fileless and can evade suspicion by using a normal browser feature.
Related Happenings
Enterprise browser phishing detection gaps leave one in five attacks undetected
Trend
H score29
First: 10.06.2026 18:30
Last: 10.06.2026 18:30
Sources 1
About this happening:
Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...
Enterprise browser phishing detection gaps leave one in five attacks undetected
TrendAbout this happening: Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...
Securing the browser session layer to reduce enterprise browser-based phishing and session-layer abuse
Defensive Guidance
H score14
First: 10.06.2026 18:30
Last: 10.06.2026 18:30
Sources 1
About this happening:
**Enterprise browser-session hardening** is being emphasized to reduce **browser-based phishing** and **session-layer abuse** across enterprise environments. The guidance targets...
Securing the browser session layer to reduce enterprise browser-based phishing and session-layer abuse
Defensive GuidanceAbout this happening: **Enterprise browser-session hardening** is being emphasized to reduce **browser-based phishing** and **session-layer abuse** across enterprise environments. The guidance targets...
Browser-layer visibility guidance for browser-native threats
Defensive Guidance
H score22
First: 05.06.2026 17:00
Last: 05.06.2026 17:00
Sources 1
About this happening:
**Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...
Browser-layer visibility guidance for browser-native threats
Defensive GuidanceAbout this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...
DriveSurge large-scale website-hijack malware distribution campaign
Campaign
H score41
First: 02.06.2026 01:14
Last: 02.06.2026 01:14
Sources 1
About this happening:
The **DriveSurge** campaign is redirecting visitors from **thousands of compromised websites** to **malware-delivery infrastructure**, creating a broad infection path through **Cl...
DriveSurge large-scale website-hijack malware distribution campaign
CampaignAbout this happening: The **DriveSurge** campaign is redirecting visitors from **thousands of compromised websites** to **malware-delivery infrastructure**, creating a broad infection path through **Cl...
Chromium JavaScript background RCE flaw
Vulnerability
H score16
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Timeline
-
20.11.2025 02:00 2 articles · 7mo ago
Matrix Push C2 browser notification abuse disclosed
Initial DisclosureBlackFrog disclosed Matrix Push C2, a newly discovered command-and-control platform that abuses the web browser push notification system to deliver fake system and security alerts, redirect victims to phishing pages or malware downloads, and monitor infected browsers in real time. The platform uses a web-based dashboard, configurable templates that mimic brands such as MetaMask, Netflix, Cloudflare, PayPal, and TikTok, short redirect URLs, and a fileless browser-based workflow that works across Windows, Mac, Linux, Android, and other browser-equipped devices; BlackFrog recommended anti data exfiltration (ADX) technology to block outbound traffic.
Show sources
- Cybercriminals Exploit Browser Push Notifications to Deliver Malware — www.infosecurity-magazine.com — 21.11.2025 17:45
- Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks — thehackernews.com — 22.11.2025 08:47