DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
Summary
A malicious traffic distribution system (TDS) dubbed DriveSurge is hijacking thousands of websites to redirect visitors to sites that deliver malware. The destination sites are used to carry out "ClickFix" and "FakeUpdate" attacks, which aim to monetize through ad fraud and to distribute further malware. The operation demonstrates a sophisticated, large-scale approach to compromising legitimate web traffic.
IFF Assessment
This article details a sophisticated and wide-scale operation that hijacks legitimate websites to distribute malware and engage in ad fraud, posing a significant threat to both users and website owners.
Defender Context
Defenders should be aware of the increasing sophistication of traffic distribution systems used for large-scale attacks. Organizations hosting websites should ensure their content management systems and plugins are up-to-date and monitored for unauthorized modifications. End-users should exercise caution when encountering unexpected redirects or pop-ups, as these can be indicators of compromise.
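The monitoring advice above can be made concrete with a small integrity audit of the web root. The following is an added example, not code from the article or from any project it names: it keeps a SHA-256 baseline of the site's files, reports anything added or modified, and scans changed HTML and JS for the two things a TDS injection typically leaves behind, a loader script pulled from a host outside an approved list and an inline or meta-refresh redirect to a foreign host. The approved host list, file names, HTML and the `.invalid` domains are all constructed for the demo and are not indicators from the article.

```python
"""Web-root integrity audit: baseline hashing plus injected-script/redirect scan.

Added example (not from the article). All hosts, paths and page content are
constructed; APPROVED_SCRIPT_HOSTS is an assumed per-site allowlist.
"""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from (constructed).
APPROVED_SCRIPT_HOSTS = {"www.example-site.test", "cdn.example-site.test"}

# Tell-tale redirect constructs in inline JS: location=, location.href/replace/assign.
REDIRECT_RE = re.compile(r"\blocation\b\s*(?:\.\s*(?:href|replace|assign)|=)", re.I)
# Hostnames of absolute http(s) URLs embedded in script text.
HOST_RE = re.compile(r"https?://([\w.-]+)", re.I)


class PageParser(HTMLParser):
    """Collect <script src>, inline script bodies and <meta http-equiv=refresh>."""

    def __init__(self):
        super().__init__()
        self.script_srcs, self.inline_scripts, self.meta_refresh = [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag.lower() == "script":
            if a.get("src"):
                self.script_srcs.append(a["src"])
            else:
                self._in_script = True
        elif tag.lower() == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_refresh.append(a.get("content", ""))

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_scripts.append(data)


def script_host(src):
    """Hostname for absolute or protocol-relative URLs; None for first-party relative paths."""
    if src.startswith("//"):
        return (urlparse("https:" + src).hostname or "").lower() or None
    if "://" in src:
        return (urlparse(src).hostname or "").lower() or None
    return None


def scan_script_body(body):
    """Flag inline JS that redirects the browser to a host outside the allowlist."""
    if not REDIRECT_RE.search(body):
        return []
    foreign = sorted({h.lower() for h in HOST_RE.findall(body)} - APPROVED_SCRIPT_HOSTS)
    return [f"inline redirect to foreign host: {', '.join(foreign)}"] if foreign else []


def scan_html(html):
    """Return a list of human-readable findings for one HTML document."""
    p = PageParser()
    p.feed(html)
    p.close()
    findings = []
    for src in p.script_srcs:
        host = script_host(src)
        if host and host not in APPROVED_SCRIPT_HOSTS:
            findings.append(f"external script host not approved: {host}")
    for body in p.inline_scripts:
        findings.extend(scan_script_body(body))
    for content in p.meta_refresh:
        findings.append(f"meta refresh redirect: {content}")
    return findings


def hash_files(files):
    """files: {path: bytes}. Returns {path: sha256 hex} as a snapshot of the web root."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def diff_baseline(baseline, current):
    """Compare two snapshots; modified files are where injected loaders usually land."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
    }


def audit(baseline_files, current_files):
    """Integrity diff plus content scan of every added or modified file."""
    delta = diff_baseline(hash_files(baseline_files), hash_files(current_files))
    report = {"delta": delta, "findings": {}}
    for path in delta["added"] + delta["modified"]:
        text = current_files[path].decode("utf-8", errors="replace")
        hits = scan_script_body(text) if path.endswith(".js") else scan_html(text)
        if hits:
            report["findings"][path] = hits
    return report


# Constructed sample site: a clean snapshot and a copy with an injected loader
# from an unapproved host (.invalid is reserved, so never a real domain) plus an
# inline redirect to a lure page.
CLEAN_INDEX = b"""<html><head><title>Example</title>
<script src="/js/app.js"></script>
<script src="https://cdn.example-site.test/lib.js"></script>
</head><body><p>Hello</p></body></html>"""
INJECTED_INDEX = CLEAN_INDEX.replace(b"</body>", b"""<script src="//static.constructed-tds.invalid/loader.js"></script>
<script>if(document.referrer){window.location.href="https://update-lure.invalid/fix";}</script>
</body>""")
BASELINE = {"index.html": CLEAN_INDEX, "js/app.js": b"console.log('app');"}
CURRENT = {"index.html": INJECTED_INDEX, "js/app.js": b"console.log('app');",
           "uploads/cache.php": b"<?php echo 'hi'; ?>"}

if __name__ == "__main__":
    for path, hits in audit(BASELINE, CURRENT)["findings"].items():
        print(path, "->", "; ".join(hits))
```

Run it on a real deployment by replacing the constructed dictionaries with a walk of the document root, storing the baseline hash map off-host so an attacker who modifies the site cannot also rewrite the baseline. The scan is deliberately allowlist-based: anything loading script from a host the site does not normally use is worth a look, whether or not it matches a known campaign.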