This attack uses web push notifications to send legit-looking alerts to users, sending them to phishing pages. The push notification API gives attackers significant visibility into the target's web browser.

Probably should have notifications disabled by default anyway.

https://www.blackfog.com/new-matrix-push-c2-deliver-malware/