The article discusses a large-scale cyberattack operation named DriveSurge, which has hijacked thousands of legitimate websites to redirect users to malware through ClickFix and FakeUpdate attacks. This organized malware delivery system targets both Windows and macOS users and operates as an initial access broker using a pay-per-install model. Researchers discovered the operation, which is characterized by sophisticated infrastructure and long-term stealth and relies on a traffic distribution system (TDS) called zTDS.
Victims visiting compromised sites are shown fake browser update prompts or error messages that lead them to install malware. The DriveSurge operation highlights a trend toward industrialized cybercriminal activity, and experts recommend stronger user education and threat intelligence to counter such attacks.