Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
According to BleepingComputer, the threat actor DriveSurge has been running large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on thousands of compromised websites. The attacks involve injecting malicious scripts into legitimate sites, which then display fake browser update notifications or error messages prompting users to click a button to 'fix' an issue. Clicking the button downloads malware, such as information stealers or remote access trojans. The campaigns have been observed since early 2026, with thousands of sites affected across various industries. The attackers likely gained access to these sites through stolen credentials or vulnerabilities in content management systems. The malware payloads can steal credentials, cookies, and other sensitive data, potentially leading to further compromise of user accounts and systems. Site owners are advised to audit their sites for unauthorized changes, update all software, and use strong, unique passwords.
Compromised sites can infect visitors with malware, leading to credential theft and system compromise.