Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Bad Actors Exploit Browser Notifications for Phishing Attacks

Malicious actors are using browser notifications as a new method for phishing attacks through a command-and-control platform known as Matrix Push C2. This framework employs push notifications, fake alerts, and link redirects to target victims across various operating systems.

Victims are tricked into enabling browser notifications through social engineering on compromised or malicious websites. Once permission is granted, attackers utilize the web push notification mechanism to send alerts that appear to be from the operating system or browser itself, using trusted branding and convincing language to deceive users.

These deceptive alerts may include messages about suspicious logins or browser updates, prompting users to click on a “Verify” or “Update” button that leads them to a fraudulent website. What makes this technique particularly dangerous is that it is fileless: it operates entirely within the browser, bypassing traditional security measures.
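
Because the whole technique depends on a notification permission the victim has already granted, a defender can audit which origins hold that permission. The following is an added example, not code from the original article or from any vendor: it assumes the JSON layout that Chromium-based browsers use in a profile's "Preferences" file, and the function names, sample data and allowlist are hypothetical.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting value for "allow"; 2 means "block"

# Constructed sample in the shape of a Chromium profile "Preferences" file.
SAMPLE_PREFERENCES = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://security-alert.example.net:443,*": {"setting": 1},
        "https://ads.example.org:443,*": {"setting": 2},
    }}}}})


def granted_notification_origins(preferences_text):
    """Return the sorted origins that currently hold notification permission."""
    prefs = json.loads(preferences_text)
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    origins = []
    for pattern, entry in exceptions.items():
        if isinstance(entry, dict) and entry.get("setting") == ALLOW:
            # Keys look like "https://host:443,*"; keep the primary pattern.
            origins.append(pattern.split(",", 1)[0])
    return sorted(origins)


def unexpected_origins(preferences_text, approved_hosts):
    """Return granted origins whose host is not an approved host or subdomain."""
    flagged = []
    for origin in granted_notification_origins(preferences_text):
        host = (urlsplit(origin).hostname or "").lower()
        if not any(host == a or host.endswith("." + a) for a in approved_hosts):
            flagged.append(origin)
    return flagged


if __name__ == "__main__":
    # approved_hosts is a hypothetical allowlist for this example.
    for origin in unexpected_origins(SAMPLE_PREFERENCES, ["example.com"]):
        print("review notification grant:", origin)
```

To audit a real profile, pass the text of its Preferences file to these functions and revoke any unexpected origin in the browser's notification settings.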

Matrix Push C2 is offered as a malware-as-a-service kit on the dark web, with subscription plans ranging from one month to a full year. The platform allows attackers to send notifications, track victims in real-time, create shortened URLs, and even monitor installed browser extensions.

With a focus on social engineering, Matrix Push C2 provides customizable templates to mimic messages from well-known brands like MetaMask, Netflix, and PayPal. The platform also offers analytics tools to measure the effectiveness of phishing campaigns.

As attackers continue to evolve their tactics, it is crucial for users to remain vigilant against phishing attempts that exploit browser notifications. By understanding these threats, individuals can better protect themselves from falling victim to malicious schemes.

Rise in Attacks Exploiting Velociraptor Tool

In a separate development, cybersecurity firm Huntress has observed an increase in attacks leveraging the legitimate Velociraptor digital forensics and incident response tool. Threat actors are utilizing Velociraptor after gaining initial access through vulnerabilities like the one found in Windows Server Update Services.

By deploying Velociraptor for reconnaissance, attackers are able to gather information about users, services, and configurations. This demonstrates a trend where threat actors are not only using custom command-and-control frameworks but also leveraging legitimate cybersecurity tools for malicious purposes.

As the cybersecurity landscape continues to evolve, organizations and individuals must stay informed about the latest threats and take proactive steps to enhance their security posture.