A new command-and-control system called Matrix Push C2 has become a major threat to users on all operating systems. This tool uses normal web browser features to deliver malware and phishing attacks without needing any file downloads.
Matrix Push C2 works through web push notifications, allowing attackers to communicate directly with a victim’s browser. Through this channel, they can send fake alerts, redirect users to harmful websites, track activity in real time, and even look for cryptocurrency wallets.
Because the attack comes from the browser itself, it can easily bypass many traditional security tools.
Researchers at BlackFog discovered how advanced the system is. The Matrix Push C2 dashboard shows attackers which browsers are infected, how many notifications were delivered, and how victims interacted with them. Even with only three test devices, the system achieved a 100% delivery rate — showing how powerful this attack could become when used on a large scale.
How the Infection works?
The attack starts with social engineering. Hackers trick users into enabling browser notifications on malicious or compromised websites.
Once notification access is granted, the attacker gets a direct line to the user’s device. They can then send fake alerts or warning messages that appear to come from trusted companies or even the operating system.
When the victim clicks these notifications, they are taken to harmful websites containing phishing pages or malware installers.
For example, a fake alert might say:
“Your Chrome browser needs an urgent update! Click here to continue.”
The link then leads to a malicious download.
All of this happens through the browser’s notification system—meaning no traditional malware is installed, making the attack much harder to detect.
Matrix Push C2 is especially dangerous because it uses phishing templates that look exactly like real brands such as PayPal, Netflix, Cloudflare, and MetaMask. Attackers can copy these designs perfectly, making the messages very convincing.
The system also shows attackers who received the notifications, who clicked them, and details about each device — giving them full control of the attack.
Leave A Comment