Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

DriveSurge is running large-scale malware distribution campaigns through compromised websites using ClickFix and FakeUpdates lures, with visitors redirected by the zTDS traffic distribution system. The campaign delivers fake browser update prompts and malicious commands, affecting both Windows and macOS users while leveraging thousands of hijacked sites. #DriveSurge #SilentPush #zTDS #ClickFix #FakeUpdates

Key points

  • DriveSurge is distributing malware through large-scale campaigns on compromised websites.
  • The group uses ClickFix and FakeUpdates social engineering tactics to trick victims.
  • Visitors are routed through the zTDS traffic distribution system, which chooses the best lure.
  • The campaign impersonates browser updates and uses PowerShell commands and malicious downloads.
  • The activity extends beyond Windows and includes macOS-targeting malicious JavaScript.

Read More: https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/