Scam Watch

How can you recognize ClickFix and FakeUpdate attacks that hijack thousands of legitimate sites to push malware?

TLDR

Threat actor DriveSurge has compromised thousands of legitimate, high-reputation websites and is silently redirecting visitors to malware payloads via two well-known social engineering lures: ClickFix (fake verification pages that ask you...

Red flags

  • A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command.
  • A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu).
  • A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer.
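
For helpdesk or SOC staff handed a reported "browser update" download, the third red flag can be checked from the archive listing alone, without extracting or running anything. This is an added example, not code from the original page; the function names, the threshold of two DLLs for "multiple", and the sample file names are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

def triage_update_zip(data: bytes, min_dlls: int = 2) -> dict:
    """Read only the archive listing; nothing is extracted or executed.

    min_dlls=2 is this example's reading of "multiple DLLs" (an assumption).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return {"is_zip": False, "exe": [], "dll": [], "matches_red_flag": False}

    def with_ext(ext):
        # Normalise Windows-style separators, then compare case-insensitively.
        return sorted(n for n in names
                      if PurePosixPath(n.replace("\\", "/")).suffix.lower() == ext)

    exes, dlls = with_ext(".exe"), with_ext(".dll")
    return {"is_zip": True, "exe": exes, "dll": dlls,
            "matches_red_flag": bool(exes) and len(dlls) >= min_dlls}

def make_sample_zip(names):
    """Build a constructed in-memory ZIP with placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed samples; the file names are invented for this example.
    samples = {
        "reported 'update'": make_sample_zip(
            ["Update/Setup.EXE", "Update/libone.dll", "Update/libtwo.DLL"]),
        "document bundle": make_sample_zip(["invoice.pdf", "readme.txt"]),
        "not an archive": b"plain text, not a zip",
    }
    for label, blob in samples.items():
        print(label, "->", triage_update_zip(blob))
```

A match only means the archive has the shape described in the red flag. Plenty of legitimate software ships the same way, so the signal matters because the file arrived as an unsolicited browser "update" from a website.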

What to do

  1. Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal.
  2. Update browsers only via the app'

FAQ

Are ClickFix and FakeUpdate attacks that hijack thousands of legitimate sites to push malware a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

A popup or page claiming a CAPTCHA/verification failed and asking you to open Run, Terminal, or PowerShell and paste a command. A browser update prompt appearing while browsing a random website (real updates live in the browser's own settings menu). A downloaded "update" delivered as a ZIP with multiple DLLs and an .exe installer

What should I do first?

Never paste commands from a webpage into Windows Run, cmd, PowerShell, or macOS Terminal. Update browsers only via the app'
