DriveSurge Threat Cluster Exploits Thousands of Websites Globally
ID: 1b4d36a5-8222-50ff-8cb3-0ea1c9681adb
STIX ID: report--1b4d36a5-8222-50ff-8cb3-0ea1c9681adb
Feed Name: securityonline.info
DriveSurge is a global, financially motivated initial-access campaign that uses the open-source zTDS traffic distribution system to route visitors of thousands of compromised legitimate websites to malware, delivered through convincing FakeUpdate (fake browser update) prompts and ClickFix prompts that hijack the clipboard so the victim pastes and runs an attacker-supplied command. Analysts have identified the campaign's injection fingerprints, its domain registration pattern (.icu domains registered through NiceNIC with tempmail.so contact addresses), and remediation steps for defenders.
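The two indicators the summary names, the registration pattern and the ClickFix clipboard-hijack shape, can be turned into a first-pass triage check. The script below is an added example written for this page, not code from the report or from the securityonline.info feed; the scoring threshold, record field names and the clipboard-write and lure regexes are its own assumptions (the report's actual injection fingerprints are not reproduced here), and every domain and HTML snippet in it is constructed sample data, not a real indicator.

```python
"""Triage helpers for the two DriveSurge indicators named in the summary:
the domain-registration pattern (.icu TLD, NiceNIC registrar, tempmail.so
contact address) and the ClickFix clipboard-hijack behaviour of an injected
page. Thresholds, field names and regexes are this example's assumptions;
all sample data is constructed."""

import re

# Registration pattern from the summary. One hit alone is weak (plenty of
# legitimate .icu domains exist); two or more together is a strong match.
SUSPECT_TLD = ".icu"
SUSPECT_REGISTRAR = "nicenic"          # matched case-insensitively as a substring
SUSPECT_CONTACT_DOMAIN = "tempmail.so"

# Generic clipboard-write idioms used by ClickFix-style lures (assumption:
# the report's real injection fingerprints are not on this page).
CLIPBOARD_PATTERNS = [
    re.compile(r"navigator\.clipboard\.writeText\s*\(", re.I),
    re.compile(r"document\.execCommand\s*\(\s*['\"]copy['\"]", re.I),
]
# Lure text that tells the victim to paste into a Run box or terminal.
LURE_PATTERNS = [
    re.compile(r"win\s*\+\s*r", re.I),
    re.compile(r"\bctrl\s*\+\s*v\b", re.I),
    re.compile(r"powershell", re.I),
]


def score_registration(rec):
    """Return (score, reasons) for a WHOIS-like dict with keys
    'domain', 'registrar' and 'registrant_email' (assumed field names)."""
    reasons = []
    if rec.get("domain", "").lower().endswith(SUSPECT_TLD):
        reasons.append("tld:" + SUSPECT_TLD)
    if SUSPECT_REGISTRAR in rec.get("registrar", "").lower():
        reasons.append("registrar:" + SUSPECT_REGISTRAR)
    email = rec.get("registrant_email", "").lower()
    if email.rsplit("@", 1)[-1] == SUSPECT_CONTACT_DOMAIN:
        reasons.append("contact:" + SUSPECT_CONTACT_DOMAIN)
    return len(reasons), reasons


def is_clickfix_like(html):
    """True when a page both writes to the clipboard from script and carries
    paste-and-run instructions: the ClickFix shape described above. A plain
    'copy link' button writes to the clipboard but has no lure, so it is not flagged."""
    writes = any(p.search(html) for p in CLIPBOARD_PATTERNS)
    lures = any(p.search(html) for p in LURE_PATTERNS)
    return writes and lures


def triage(records, pages, min_score=2):
    """Return (domains matching >= min_score registration indicators,
    page ids whose content has the ClickFix clipboard-hijack shape)."""
    flagged_domains = [r["domain"] for r in records
                       if score_registration(r)[0] >= min_score]
    flagged_pages = [pid for pid, html in pages.items() if is_clickfix_like(html)]
    return flagged_domains, flagged_pages


# Constructed sample data (not real indicators).
SAMPLE_RECORDS = [
    {"domain": "update-check-example.icu",
     "registrar": "NiceNIC International Group Co., Limited",
     "registrant_email": "contact@tempmail.so"},
    {"domain": "legit-shop.example",
     "registrar": "Example Registrar",
     "registrant_email": "admin@legit-shop.example"},
    {"domain": "another-example.icu",          # .icu alone: below threshold
     "registrar": "Example Registrar",
     "registrant_email": "owner@example.org"},
]
SAMPLE_PAGES = {
    "lure": '<p>To fix the display error press Win+R, then Ctrl+V and Enter.</p>'
            '<script>navigator.clipboard.writeText("constructed-command-placeholder")</script>',
    "benign": '<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>',
}

if __name__ == "__main__":
    print(triage(SAMPLE_RECORDS, SAMPLE_PAGES))
```

Run against real WHOIS exports and crawled page bodies, the registration score is best treated as a pivot for further enrichment rather than a verdict on its own, while a positive `is_clickfix_like` result on a site you own is a strong sign the site has been injected and should be pulled for the fingerprint and remediation steps the report describes.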
