
Threats Tagged 'fakeupdates'

View all threats tagged with 'fakeupdates'. Filter and sort to focus on specific types of threats.


A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites

DriveSurge is a newly identified threat actor operating as an Initial Access Broker using a Pay-Per-Install model to supply victim leads to downstream actors. The actor has compromised thousands of websites, injecting malicious code that redirects visitors through zTDS (Traffic Distribution System) to deliver malware via two primary methods: FakeUpdates, which impersonate browser update prompts for Chrome, Firefox, Edge, Safari, and eight other browsers; and ClickFix, which tricks users into executing malicious PowerShell commands disguised as fixes. DriveSurge leverages sophisticated infrastructure including bulletproof hosting, obfuscated JavaScript injection patterns, and environment-specific targeting including macOS systems. The operation has been active since at least September 2025, utilizing specific technical fingerprints including unique file naming conventions and server configurations that enable detection and tracking of their evolving infrastructure.
