MalwareBleeping Computer
8.0 — CRITICAL
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
DriveSurge, a threat actor tracked as an initial access broker (IAB), has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on thousands of compromised websites, targeting users with phishing attacks.
⚙️Technical Details
Affected Systems
WindowsmacOS desktop systems
Attack Vectors
ClickFix social engineering tacticFakeUpdates attacks impersonating browser updates
💥Impact Assessment
Severity: high
Who Is at Risk
Users visiting compromised websites, particularly those using outdated software or unaware of security best practices.
🛡️Recommended Actions
1Download browser updates only from the app's settings menu (About > Check for Updates)
2Avoid executing commands in the Windows command prompt or Terminal that they don’t fully understand
3Use automated pentesting tools to validate network security controls and detection rules
📦Affected Products
ChromeFirefoxEdgeSafariOperaBraveYandexVivaldiSamsung InternetUC Browser
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.