
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

ID: 01b15923-7496-5cd5-b11e-00e5ff9f0be7

STIX ID: report--01b15923-7496-5cd5-b11e-00e5ff9f0be7

Feed Name: Bleeping Computer

Threat Score: 75/100

Date Published: 2026-06-01

Date Updated: 2026-06-03

Author: Bill Toulas


DriveSurge, operating as an initial access broker on a pay-per-install model, has compromised thousands of legitimate websites and uses the zTDS traffic distribution system to profile visitors and serve ClickFix and FakeUpdates lures that deliver malicious payloads (including Windows executables and JavaScript targeting macOS). Silent Push researchers identified injection patterns (t.js?site=<id>), roughly 80 malicious injection domains, pre-weaponized domains, and other technical fingerprints. Users are advised to update browsers only via built-in app menus and to avoid executing unknown commands.
