DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

Summary

DriveSurge is a malicious traffic distribution system (TDS) that has compromised thousands of legitimate websites to redirect visitors to sites delivering ClickFix and FakeUpdate malware. The operation leverages compromised or poorly secured web properties to distribute malware at scale. This represents a significant supply-chain risk targeting website visitors through trusted domains.

Indicators of Compromise

• malware — DriveSurge
• malware — ClickFix
• malware — FakeUpdate