{"id":225827,"date":"2025-11-25T01:23:39","date_gmt":"2025-11-25T07:23:39","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/matrix-push-c2-uses-browser-notifications-for-fileless-cross-platform-phishing-attacks"},"modified":"2025-11-25T01:23:39","modified_gmt":"2025-11-25T07:23:39","slug":"matrix-push-c2-uses-browser-notifications-for-fileless-cross-platform-phishing-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/matrix-push-c2-uses-browser-notifications-for-fileless-cross-platform-phishing-attacks","title":{"rendered":"Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/matrix-push-c2-uses-browser-notifications-for-fileless-cross-platform-phishing-attacks.jpg\"><\/a><\/p>\n<p>That\u2019s not all. Since the attack plays out via the web browser, it\u2019s also a cross-platform threat. This essentially turns any browser application on any platform that subscribes to the malicious notifications to be enlisted to the pool of clients, giving adversaries a persistent communication channel.<\/p>\n<p>Matrix Push C2 is offered as a malware-as-a-service (MaaS) kit to other threat actors. It\u2019s sold directly through crimeware channels, typically via Telegram and cybercrime forums, under a tiered subscription model: about $150 for one month, $405 for three months, $765 for six months, and $1,500 for a full year.<\/p>\n<p>\u201cPayments are accepted in cryptocurrency, and buyers communicate directly with the operator for access,\u201d Dr. Darren Williams, founder and CEO of BlackFog, told The Hacker News. \u201cMatrix Push was first observed at the beginning of October and has been active since then. There\u2019s no evidence of older versions, earlier branding, or long-standing infrastructure. Everything indicates this is a newly launched kit.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>That\u2019s not all. Since the attack plays out via the web browser, it\u2019s also a cross-platform threat. This essentially turns any browser application on any platform that subscribes to the malicious notifications to be enlisted to the pool of clients, giving adversaries a persistent communication channel. Matrix Push C2 is offered as a malware-as-a-service (MaaS) [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34,418],"tags":[],"class_list":["post-225827","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=225827"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225827\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=225827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=225827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=225827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}