Key Point: A large-scale malware distribution operation hijacks legitimate websites through traffic distribution systems (TDS) to redirect users to malicious sites, revealing critical gaps in the domain trust chain.
A widespread illegal advertising ring called DriveSurge is hijacking thousands of legitimate websites and redirecting their visitors through its own malware distribution network to pages hosting malicious code. The approach demonstrates the growing use of trusted domains as an attack vector.
DriveSurge is a malware traffic distribution operation that employs a traffic distribution system (TDS) to redirect website visitors to malicious destinations. Operators of this campaign compromise trusted websites and misuse them to direct users to pages hosting harmful programs such as ClickFix and FakeUpdate. This typically occurs through manipulation of the website's infrastructure or hosting environment.
This model is relevant for the CISO role because it exposes an attack vector against an organization's own or partnered website presence: even if an organization hardens its own systems, attackers can leverage externally trusted domains to distribute malware. The damage ranges from reputational loss to malware infections of end users, network contamination and potential regulatory implications (particularly in the NIS2 context, which mandates reporting obligations for such incidents).
From a technical perspective, this is an infrastructure compromise in which attackers exploit the trust placed in a domain. Mitigation requires integrity controls on website content (monitoring for unauthorized redirects), access controls on CMS and hosting systems, and coordination with the threat intelligence community to identify compromised domains before users are harmed.
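As an added example (not code from the article, from DriveSurge research, or from any vendor tool), the following Python script illustrates the content-integrity monitoring mentioned above. It parses a snapshot of a page and flags three signals a hijacked site typically shows: resources loaded from hosts outside an allowlist, meta-refresh redirects, and inline JavaScript that rewrites the browser location. The hostnames, the two sample pages and the allowlist are all constructed for the example; the `.example` domains are reserved placeholders, not real indicators.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed baseline: hosts this site is expected to load scripts/frames from.
ALLOWED_HOSTS = {"cdn.example.com"}

# Inline-JavaScript patterns that perform a client-side redirect.
REDIRECT_PATTERNS = [
    re.compile(r"window\.location(?:\.href)?\s*="),
    re.compile(r"location\.replace\s*\("),
    re.compile(r"top\.location\s*="),
]


class _Collector(HTMLParser):
    """Collects script/iframe sources, meta refresh tags and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external_refs = []   # src attributes of <script> and <iframe>
        self.meta_refresh = []    # content attributes of <meta http-equiv="refresh">
        self.inline_scripts = []  # full text of each <script> without src
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            if a.get("src"):
                self.external_refs.append(a["src"])
            else:
                self._in_script = True
                self._buf = []
        elif tag == "iframe" and a.get("src"):
            self.external_refs.append(a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh.append(a.get("content", ""))

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            # HTMLParser may deliver script text in chunks; join them here.
            self.inline_scripts.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def audit_page(html, site_host, allowed_hosts):
    """Return a list of (finding_type, detail) tuples for one page snapshot."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    for ref in c.external_refs:
        host = urlparse(ref).netloc.lower()
        # Relative URLs have no netloc and are treated as same-origin.
        if host and host != site_host and host not in allowed_hosts:
            findings.append(("unexpected_external_resource", ref))
    for content in c.meta_refresh:
        findings.append(("meta_refresh", content))
    for body in c.inline_scripts:
        for pat in REDIRECT_PATTERNS:
            m = pat.search(body)
            if m:
                findings.append(("inline_redirect", m.group(0)))
                break
    return findings


# Constructed sample: the page as the site owner published it.
CLEAN_PAGE = """<!doctype html>
<html><head><meta charset="utf-8">
<script src="/assets/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
</head><body><h1>Welcome</h1>
<script>console.log("page ready");</script>
</body></html>"""

# Constructed sample: the same page after a hypothetical TDS injection.
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</head>",
    '<meta http-equiv="refresh" content="0;url=https://tds-relay.example/go">\n'
    '<script src="https://tds-relay.example/loader.js"></script>\n'
    '<script>window.location.href = "https://tds-relay.example/lure";</script>\n'
    "</head>",
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, audit_page(page, "www.example.com", ALLOWED_HOSTS))
```

In practice the allowlist is derived from a known-good snapshot of each monitored site and the check runs on a schedule against fresh fetches; any new finding is a candidate for incident handling rather than a verdict, since legitimate deployments also add scripts and redirects.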
Source: www.darkreading.com · Published 2 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.