• Thousands of compromised websites abused by DriveSurge in active

    From TechnologyDaily@1337:1/100 to All on Tuesday, June 02, 2026 11:15:25
    Thousands of compromised websites abused by DriveSurge in active ClickFix and FakeUpdates campaigns

    Date:
    Tue, 02 Jun 2026 10:05:00 +0000

    Description:
    SilentPush is warning about an Initial Access Broker campaign called
    DriveSurge that uses thousands of websites to deploy a backdoor.

    FULL STORY ======================================================================
    SilentPush researchers uncovered DriveSurge, a large-scale ClickFix campaign
    Victims are profiled and served either ClickFix or FakeUpdates
    Access is later sold on the dark web

    An ongoing ClickFix campaign has infected thousands of computers with backdoor malware. This is according to security researchers SilentPush, who said the threat actors are selling the access on the dark web.

    The campaign, dubbed DriveSurge, starts on poorly secured websites, where criminals inject malicious scripts. These scripts act as lightweight beacons, passing visitor data to a remote Traffic Distribution System (TDS) called zTDS. There, visitors are evaluated, and if one is deemed a target, the zTDS server instructs the script to load a ClickFix overlay. Bots and researchers are served the legitimate webpage so that the campaign avoids detection.

    Thousands of websites used

    Depending on the profiling, victims are served either ClickFix or FakeUpdates. The goal is the same; only the execution varies slightly. In both cases, the victims are shown a problem (for example, that their browser is outdated). In ClickFix, they are offered a solution (copying and pasting a command into the Windows Run or Terminal programs), while in FakeUpdates, they are directly served an executable that installs the malware.

    In both cases, the victims end up with a backdoor that grants the attackers unabated access to the target's system. The attackers later sell that access on the dark web to other groups, who can use it for different things, such as data exfiltration, identity theft, wire fraud, or ransomware.

    The exact number of websites being leveraged in this campaign has not been shared. However, SilentPush said the attackers compromised thousands of websites, and that the entire DriveSurge campaign is working at a very large scale. "Using zTDS, DriveSurge hijacks thousands of legitimate, high-reputation websites and silently redirects visitors to malware, unbeknownst to the sites' owners or their visitors," Silent Push said in the report.

    Defending against ClickFix and FakeUpdates attacks is rather simple - only download updates from reputable sources and never paste commands in Run and Terminal at a website's request.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-compromised-websites-abused-by-drivesurge-in-active-clickfix-and-fakeupdates-campaigns


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)