DriveSurge Exploits Hacked Websites for ClickFix and FakeUpdate Attacks

Bottom line: Hacked websites are systematically exploited by DriveSurge as a malware distribution channel using deceptively authentic update and clickbait techniques.

The threat group DriveSurge is conducting large-scale malware distribution campaigns across thousands of hacked websites using ClickFix and FakeUpdate techniques. The approach targets broad user groups and circumvents traditional defensive measures by leveraging trust in legitimate-looking update prompts.

The threat group DriveSurge is executing a widespread campaign in which compromised websites are leveraged to distribute malware. The attackers employ two established social engineering techniques: ClickFix attacks that trick users into performing dangerous actions, and FakeUpdate schemes that masquerade as legitimate software updates.

The scale of the operation is significant – thousands of websites are affected and serve as infection vectors. For CISOs, this is an indicator that threat actors are increasingly turning to web content compromise to scale their malware campaigns. The tactic bypasses many technical security controls because it relies on user trust and deception: users see what appears to be a necessary update or an urgent warning on a legitimate website.

From a security strategy perspective, this means that endpoint detection, user awareness training, and web filtering are essential to identify and block such attacks. At the same time, organizations should monitor their own web assets for unauthorized modifications and strengthen access controls to prevent themselves from being abused as malware distribution platforms.


Source: www.bleepingcomputer.com · Published June 2, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.
