Matrix Push C2 launches fileless, cross-platform phishing via browser notifications

Matrix Push C2 is emerging as one of the most concerning new cyber tools of the year, with researchers warning that hackers are now using it to execute fileless phishing attacks directly through browser notifications.

Security analysts noted the rise of Matrix Push C2 reflects a shift toward stealthy techniques that don’t require traditional malware downloads.

According to a report from BlackFog, Matrix Push C2 enables attackers to exploit the built-in web push notification system.

Victims are first tricked, often through compromised or malicious sites, into allowing notifications. 

Once granted, hackers begin sending alerts crafted to look like legitimate operating system or browser messages, complete with trusted branding and urgent prompts.

These fake notifications often warn users about suspicious logins or pending updates, pushing them toward “Verify” or “Update” buttons that redirect to phishing pages.

As Matrix Push C2 operates entirely within the browser, it avoids triggering conventional security defenses and allows attackers to work across platforms with ease.

Cyber experts noted this method resembles ClickFix-style manipulation, where victims unknowingly aid in their own compromise.

As Matrix Push C2 spreads, analysts warn users to be extra cautious about notification permissions.