![\"Netflix](\"https:\/\/www.newsbeep.com\/au\/wp-content\/uploads\/2025\/11\/1763912828_582_0x0.jpg\")
<\/p>\n<\/p>\n
Matrix attackers target Netflix, PayPal and others.<\/p>\n
NurPhoto via Getty Images<\/p>\n
It has been a week of \u2018not what they seem\u2019 hack attacks. First there was the news of how cybercriminals are testing out a new Android banking trojan called Sturnus<\/a> that reads secure instant message conversations by bypassing encryption and copying them when displayed on the smartphone screen. Then, a warning to businesses to avoid falling victim to stealthy copy-and-paste attacks<\/a> using the clipboard as an attack vector. And now, dear reader, it\u2019s the turn of the Matrix. No, not that Matrix, but Matrix Push. This cybercrime platform is using compromised and highly disguised web browser notifications to fool Netflix, PayPal and users of other high-profile services to grab account credentials<\/a>. Here\u2019s what you need to know. <\/p>\n ForbesSearch This New Password Hack List Now \u2014 If You Find Yours, Delete ItBy Davey Winder<\/a>Netflix And PayPal Users Among Those Warned To Beware The Matrix<\/p>\n If there are three cybersecurity-related things I can say with some certainty as we start the fast descent into the new year, then they are as follows:<\/p>\n Phishing is not going anywhere.All operating systems will remain open to threats.Cybercriminals will continue to develop new and effective attack platforms.<\/p>\n I mention this as all three are neatly wrapped up in a new threat warning report that has been issued by BlackFog security, and confirms a new command-and-control platform, Matrix Push C2<\/a>, being used by cybercriminals to deliver malware and phishing attacks by way of web browser functionality. <\/p>\n Leveraging push browser notifications, faked system alerts, and lick-me link redirects, Matrix Push \u201cturns web browsers into an attack delivery vehicle,\u201d BlackFog\u2019s Brenda Robb said. <\/p>\n ForbesHotels Hacker Alert Issued As \u2018I Paid Twice\u2019 Attacks ConfirmedBy Davey Winder<\/a><\/p>\n The phishing threat is there from the start, using social engineering to get potential victims to agree to accept browser notifications on a website that may be entirely malicious, or entirely legitimate but unknowingly compromised. Doing so sets off a chain of events that can have disastrous consequences. Browser app web push notifications are exploited by sending carefully crafted alerts that appear to be from the operating system or browser and pretend to be on behalf of the likes of Netflix and PayPal.<\/p>\n \u201cWe found templates for brands such as MetaMask, Netflix, Cloudflare, PayPal, TikTok, and more,\u201d Robb confirmed, \u201ceach designed to look like a legitimate notification or security page from those providers.\u201d<\/p>\n The cunning ploy here is that these notifications appear where you would expect them to, in the genuine notification area of the device, which makes it much more likely the user will accept them as real and respond by clicking through to whatever credential-grabbing resource they will end up at. <\/p>\n Netflix users can get advice regarding phishing attacks here<\/a>, while PayPal users can find the same here<\/a>.<\/p>\n