Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
"In these attacks, prospective targets are tricked into allowing browser notifications through social engineering on malicious or legitimate-but-compromised websites. Once a user agrees to receive notifications from the site, the attackers take advantage of the web push notification mechanism built into the web browser to send alerts that look like they have been sent by the operating system or the browser itself, leveraging trusted branding, familiar logos, and convincing language to maintain the ruse."
"What makes this a clever technique is that the entire process takes place through the browser without the need for first infecting the victim's system through some other means. In a way, the attack is like ClickFix in that users are lured into following certain instructions to compromise their own systems, thereby effectively bypassing traditional security controls."
Matrix Push C2 uses browser web-push notifications as a fileless command-and-control channel to deliver phishing links and malicious redirects. Targets are social-engineered into permitting notifications on malicious or compromised websites. Attackers then send alerts that mimic the operating system or browser UI, using trusted branding, familiar logos, and persuasive language. The alerts include buttons such as "Verify" or "Update" that redirect victims to bogus sites. The attack operates entirely through the browser, with no prior infection of the system: users are lured into compromising themselves, which bypasses conventional security controls. The mechanism is cross-platform, and the kit is sold as malware-as-a-service through crimeware channels such as Telegram and cybercrime forums under a tiered subscription model.
Read at The Hacker News
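Because the whole channel depends on a site holding notification permission, a defender can audit which origins a browser profile has granted it. The following is an added example, not code from the article or from the kit: it assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, where setting `1` means allow), and the hostnames, allowlist and sample data are constructed.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting value for "allow" (2 is "block")
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # last_modified is in microseconds since this date

# Constructed sample of the relevant part of a Chromium profile's Preferences file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://chat.example.com:443,*": {"last_modified": "13370000000000000", "setting": 1},
  "https://free-stream.example.net:443,*": {"last_modified": "13370000000000000", "setting": 1},
  "https://ads.example.org:443,*": {"last_modified": "13370000000000000", "setting": 2}
}}}}}
""")

def notification_grants(prefs):
    """Return every origin that currently holds notification permission."""
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, meta in entries.items():
        if not isinstance(meta, dict) or meta.get("setting") != ALLOW:
            continue  # skip blocked or malformed entries
        origin = pattern.split(",", 1)[0]  # key format is "<origin>,*"
        raw = str(meta.get("last_modified", ""))
        granted = CHROME_EPOCH + timedelta(microseconds=int(raw)) if raw.isdigit() else None
        grants.append({"host": urlsplit(origin).hostname, "granted": granted})
    return grants

def unexpected_grants(prefs, allowlist):
    """Hosts with notification permission that are not on the approved list."""
    return sorted(g["host"] for g in notification_grants(prefs)
                  if g["host"] not in allowlist)

if __name__ == "__main__":
    approved = {"chat.example.com"}  # hypothetical organisation allowlist
    for g in notification_grants(SAMPLE_PREFS):
        flag = "ok" if g["host"] in approved else "REVIEW"
        print(f"{flag:6} {g['host']} granted {g['granted']:%Y-%m-%d}")
```

On a real endpoint, load the profile's `Preferences` file with `json.load` and pass the result to `unexpected_grants`; any host it returns is a candidate for revoking the permission.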