Cybersecurity researchers have identified a new malicious tool called Matrix Push, which abuses browser notifications to run phishing and malware attacks. It turns the normal web-push feature into a method for attackers to reach users directly. The tool makes fake alerts look completely legitimate. Because of this, many people may not realize they are being targeted.

The attack usually begins when a user visits a malicious or compromised website. The site asks for permission to send browser notifications, which many users allow without thinking. Once permission is granted, the attacker registers a push subscription and a service worker. This gives them the ability to send notifications whenever they want.

After gaining notification access, the attackers send fake alerts that look like real messages from trusted services. These can appear as security warnings, login issues, or account-related messages. When a user clicks the notification, they are taken to malicious pages designed to steal information. These pages often mimic well-known brands to increase trust.

The dangerous part is that everything happens through standard browser functions. No obvious malware file needs to be downloaded at first. Since notifications are a normal feature, many security tools do not treat them as harmful. This makes the attack stealthy and harder to detect, especially for less-experienced users.

Researchers also found that Matrix Push includes an advanced dashboard for attackers. It tracks victim devices, browsers, locations, and whether users click the notifications. The dashboard looks similar to a marketing or advertising tool. This level of detail helps attackers plan more targeted and effective phishing campaigns.

Matrix Push is also platform-independent, making it even more threatening. It works on Windows, macOS, Linux, and Android, as long as the browser supports push notifications. Since the method relies on standard web APIs, the operating system does not need to be exploited directly. This gives attackers a wider range of potential victims.

Reports show that Matrix Push is being sold as a subscription service on underground platforms. This means even low-skilled cybercriminals can use it to run large-scale phishing operations. As the tool becomes more available, experts warn that the number of attacks may increase. The simplicity of the method makes it appealing to many threat actors.

To stay safe, users and organisations should be careful when allowing websites to send notifications. It is important to review and revoke permissions for sites that are not trusted. Keeping browsers updated and limiting notification access can reduce risk. In sensitive environments, disabling push notifications completely may be the safest option.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news