Hackers Hijack Thousands of Websites in Large-Scale ClickFix and FakeUpdate Malware Campaign

Cybersecurity researchers have uncovered a widespread malicious campaign in which thousands of legitimate websites have been compromised and used to distribute malware through deceptive social engineering tactics known as ClickFix and FakeUpdates.

According to findings shared by cybersecurity firm SilentPush, a threat actor tracked as DriveSurge is behind the ongoing operation, which has been actively redirecting unsuspecting users from trusted websites to malware delivery infrastructure.
Massive Website Compromise Campaign
Researchers report that the DriveSurge group has successfully infiltrated a large number of websites across different sectors. Once compromised, these sites are being used as redirect hubs, funneling visitors toward malicious pages designed to deliver harmful software.
The scale of the campaign suggests a coordinated effort rather than isolated incidents, raising concerns about the growing sophistication of modern cybercriminal operations.
ClickFix Tactic Used for Social Engineering
A key component of the attack is the ClickFix technique, a form of social engineering that manipulates users into taking actions that compromise their own systems.
In this method, victims are presented with fake alerts or prompts that appear to be legitimate technical warnings. Users are then tricked into copying and executing malicious commands on their devices under the false belief that they are resolving system errors or security issues.
Once executed, these commands can lead to the installation of malware, giving attackers unauthorized access to the victim’s system.
FakeUpdates Also Deployed
In addition to ClickFix, the campaign also uses FakeUpdates, another widely used cyberattack strategy. This method typically involves fake software update notifications that prompt users to download and install malicious files disguised as legitimate updates for browsers, plugins, or operating systems.
Together, these tactics increase the likelihood of successful infections by exploiting user trust and urgency.
Security Experts Warn of Rising Threat
Cybersecurity analysts warn that campaigns like DriveSurge demonstrate an evolving threat landscape where attackers increasingly rely on psychological manipulation rather than purely technical exploits.
SilentPush researchers emphasized that compromised websites play a crucial role in amplifying the reach of such campaigns, as they allow attackers to leverage trusted domains to bypass user suspicion.
Growing Concern Over Web-Based Malware Distribution
The incident highlights the growing risk posed by drive-by malware distribution methods and the abuse of legitimate websites as attack vectors. Experts recommend that organizations strengthen website security, monitor for unauthorized changes, and educate users about social engineering tactics.
As investigations continue, cybersecurity teams are working to identify affected sites and disrupt the infrastructure supporting the DriveSurge campaign.
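One way a site owner could act on the recommendation to monitor for unauthorized changes is to compare the external references in a served page against a reviewed baseline. The sketch below is an added example, not code from SilentPush or the reporting; it assumes an unauthorized change would surface as a new external script, iframe, or meta-refresh target (the report does not describe how the sites were modified), and all hostnames and sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ExternalRefs(HTMLParser):
    """Collect third-party hosts a page loads scripts/frames from or refreshes to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = set()  # set of (kind, host) tuples

    def _add(self, kind, url):
        # Resolve relative and protocol-relative URLs before comparing hosts.
        host = urlparse(urljoin(self.page_url, url.strip())).hostname
        if host and host != urlparse(self.page_url).hostname:
            self.refs.add((kind, host))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("script", "iframe") and a.get("src"):
            self._add(tag, a["src"])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "0; url=https://host/path"
            _, _, target = a.get("content", "").partition("=")
            if target:
                self._add("meta-refresh", target.strip("'\" "))


def external_refs(html, page_url):
    parser = ExternalRefs(page_url)
    parser.feed(html)
    return parser.refs


def unauthorized_refs(baseline_html, current_html, page_url):
    """External references present now that were absent from the reviewed baseline."""
    return sorted(external_refs(current_html, page_url)
                  - external_refs(baseline_html, page_url))


# Constructed sample: a reviewed baseline and a later fetch with one extra script.
PAGE = "https://shop.example/"
BASELINE = ('<html><head><script src="/js/app.js"></script>'
            '<script src="https://cdn.example/lib.js"></script></head></html>')
CURRENT = BASELINE.replace(
    "</head>", '<script src="//updates.invalid/check.js"></script></head>')

if __name__ == "__main__":
    for kind, host in unauthorized_refs(BASELINE, CURRENT, PAGE):
        print(f"new {kind} reference to {host}")
```

A check like this only sees what is in the fetched HTML, so it complements file-integrity monitoring on the server rather than replacing it.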








