It has been a week of ‘not what they seem’ hack attacks. First there was the news of how cybercriminals are testing out a new Android banking trojan called Sturnus that reads secure instant message conversations by bypassing encryption and copying them when they are displayed on the smartphone screen. Then, a warning to businesses to avoid falling victim to stealthy copy-and-paste attacks that use the clipboard as an attack vector. And now, dear reader, it’s the turn of the Matrix. No, not that Matrix, but Matrix Push. This cybercrime platform uses compromised and highly disguised web browser notifications to fool users of Netflix, PayPal and other high-profile services into handing over their account credentials. Here’s what you need to know.
Netflix And PayPal Users Among Those Warned To Beware The Matrix
If there are three cybersecurity-related things I can say with some certainty as we start the fast descent into the new year, then they are as follows:
- Phishing is not going anywhere.
- All operating systems will remain open to threats.
- Cybercriminals will continue to develop new and effective attack platforms.
I mention this because all three are neatly wrapped up in a new threat warning report issued by BlackFog, which confirms that a new command-and-control platform, Matrix Push C2, is being used by cybercriminals to deliver malware and phishing attacks by way of web browser functionality.
Leveraging browser push notifications, faked system alerts, and click-me link redirects, Matrix Push “turns web browsers into an attack delivery vehicle,” BlackFog’s Brenda Robb said.
The phishing threat is there from the start: social engineering is used to get potential victims to agree to accept browser notifications on a website that may be entirely malicious, or entirely legitimate but unknowingly compromised. Doing so sets off a chain of events that can have disastrous consequences. Browser web push notifications are abused by sending carefully crafted alerts that appear to come from the operating system or browser and pretend to be on behalf of the likes of Netflix and PayPal.
“We found templates for brands such as MetaMask, Netflix, Cloudflare, PayPal, TikTok, and more,” Robb confirmed, “each designed to look like a legitimate notification or security page from those providers.”
The cunning ploy here is that these notifications appear where you would expect them to, in the genuine notification area of the device, which makes it much more likely the user will accept them as real and respond by clicking through to whatever credential-grabbing page lies at the other end.
Netflix users can get advice regarding phishing attacks here, while PayPal users can find the same here.
