Stop Malicious Browser Push Notifications in 2026

You keep seeing alerts slide in from the corner of your screen: "Your PC is infected!" or "You have a new message," even when no app is open. Those are malicious browser push notifications, sent by websites you unknowingly granted permission to, and they are a growing delivery channel for scams and malware in 2026. The fix is quick once you know where to look. This guide shows how to block them and clean up the ones you already allowed.

Key takeaways

• Web push notifications let websites send alerts to your desktop even when their tab is closed. Scammers trick you into clicking "Allow," then spam you with fake warnings and phishing links.
• These notifications often impersonate system messages or virus alerts to lure you into clicking malicious links or installing malware.
• Attack frameworks like Matrix Push C2 now abuse browser notifications directly to deliver phishing and malware at scale.
• The fix is to review and remove notification permissions in your browser and set it to ask, or block, before granting new ones.
• Chrome added automatic safeguards in 2026 that revoke notification permissions from spammy sites, but you should still audit your own list.

How you ended up with notification spam

Push-notification abuse starts with a single misleading click. A site shows a fake prompt, sometimes disguised as a CAPTCHA ("Click Allow to prove you are human") or a video player, and when you click Allow, you grant it permission to send notifications indefinitely. From then on it can push alerts to your desktop even after you have left the site.

Scammers use this channel for fake virus warnings, tech-support lures, adult content, and clickbait, all engineered to get you to click a malicious link. Newer command-and-control frameworks abuse the same mechanism to deliver phishing and malware, turning a convenience feature into an attack surface.

Here is where to find the notification controls in each major browser:

Browser	Settings path	Action
Chrome	Privacy and Security > Site Settings > Notifications	Remove or Block unknown sites; set default to ask or block
Edge	Cookies and site permissions > Notifications	Remove unfamiliar sites; turn off "Ask before sending" to block all
Firefox	Privacy and Security > Permissions > Notifications > Settings	Remove untrusted sites; tick "Block new requests"
Safari	Settings > Websites > Notifications	Set offending sites to Deny

> suspicious deskt

How to block and remove them

Google Chrome

1. Open Settings, then Privacy and Security, then Site Settings, then Notifications.

2. Review the "Allowed to send notifications" list. For any site you do not recognize or did not intentionally approve, click the three dots and choose Remove or Block.

3. Change the default behavior. Set notifications to "Don't allow sites to send notifications," or at least keep it on "Sites can ask," so nothing slips through automatically.

Microsoft Edge

1. Open Settings, then Cookies and site permissions, then Notifications.

2. Remove unfamiliar sites from the Allow list.

3. Turn "Ask before sending" off if you want to block all new notification requests outright.

Firefox

1. Open Settings, then Privacy and Security, then scroll to Permissions, then Notifications, then Settings.

2. Remove every site you do not trust from the list.

3. Tick "Block new requests asking to allow notifications" to stop future prompts.

How to tell a scam notification from a real one

Not every browser notification is malicious. Your bank, a project tool, or a news site you genuinely subscribed to can all use them legitimately. The tells that separate a scam alert from a real one are consistent once you know them:

• Fake urgency and fear. "Your PC is infected," "Your subscription expired," or "Suspicious login detected" are designed to make you click before you think. Real services rarely push panic through a browser banner.
• A sender you do not recognize. Legitimate notifications come from a domain you can identify. Scam ones often come from random strings or lookalike domains.
• System impersonation. A web notification cannot actually be a Windows or antivirus alert. If a browser banner claims to be your operating system or security software, it is fake by definition.
• Adult content, prizes, or "you won." These are pure bait and never legitimate.

When in doubt, do not click. Open the service directly by typing its address yourself, and check there. A real alert will be reflected inside the actual account, not only in a pop-up. The golden rule is that a notification should never be the only place a piece of important information exists; if your bank really flagged a login, it will also show in your account and likely in your email, so you never need to act on the browser banner itself.

What it is doing to your browser

Beyond the annoyance, persistent notification spam is a sign your browser's permission list has drifted out of control. Each allowed site can keep messaging you indefinitely, and some scam networks chain permissions so that clicking one alert lands you on a page that begs for another. Clearing the list resets that, but it is worth understanding why it accumulates: a single careless "Allow" during a fake CAPTCHA can sit in your settings for months, quietly firing alerts long after you forgot the site. That is exactly why auditing the list, rather than just dismissing individual pop-ups, is the only durable fix.

What to do right now

Spend five minutes closing this off for good:

• Open your browser's notification settings (paths in the table above) and remove every site you do not specifically want messages from.
• Set the default to "Don't allow sites to send notifications," or at least "Sites can ask," so nothing slips through silently.
• Make it a habit to refuse any "Allow" prompt that appears during a CAPTCHA, a video player, or a download page.
• Update your browser, since recent versions add automatic spam safeguards that revoke abusive permissions.
• If you clicked a notification and then downloaded or ran anything, run a full malware scan to be safe.

Stay clean going forward

The simplest rule is to never click "Allow" on a notification prompt unless you specifically want updates from that exact site. Treat any prompt that appears during a fake CAPTCHA, a video player, or a download page as a trap. This is closely related to the ClickFix fake-CAPTCHA technique, which uses the same "click to proceed" psychology to deliver infostealers.

If notification spam has already led you to scary full-screen warnings, our guide to tech-support pop-up scams explains how to handle those without panicking. Keeping your browser updated and running a reputable ad blocker also cuts down the malicious sites that push these prompts in the first place. While you are tidying up the browser, it is worth doing a wider sweep with our browser extension security audit, since a malicious extension can be the source of the same kind of junk.

Frequently asked questions

Are these notifications malware on my computer?

Usually not. They are legitimate browser notifications from websites you granted permission to, not malware installed on your system. Revoking the permission stops them. The danger is in clicking the links they contain, which can lead to actual malware.

Why do they keep appearing after I close the browser?

Web push notifications are designed to work even when the site's tab is closed, as long as the browser is running. That is exactly why scammers want the permission. Removing the site from your notifications list is what stops them for good.

Did clicking one of these notifications infect me?

Clicking a notification opens whatever link it points to, which could be a phishing page or a malware download. If you clicked one and then downloaded or ran something, run a malware scan. Simply seeing the notification does not infect you.

Does Chrome block this automatically now?

Chrome introduced safeguards in 2026 that automatically revoke notification permissions from sites sending low-value or excessive alerts, plus spam-muting features. These help, but they do not catch everything, so auditing your own notification list is still worthwhile.