CyberWire Daily
CyberWire Daily
CyberWire Daily·Jul 18, 2026·17m·Episode #433

When trusted sites turn. [Research Saturday]

Show notes

Lauren Fievisohn, Ph.D, Senior Threat Researcher from Silent Push, is sharing their work on "Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites." Silent Push researchers have identified a newly named threat actor, DriveSurge, which has compromised thousands of legitimate websites and uses ClickFix and fake browser update lures to distribute malware at scale through a pay-per-install operation.

The group leverages a traffic distribution system called zTDS to silently redirect visitors from trusted websites to malicious payloads, while employing sophisticated infrastructure, obfuscation, and fingerprinting techniques to evade detection. The report also details how DriveSurge targets both Windows and macOS users and provides defenders with eight infrastructure fingerprints to help identify and disrupt the campaign.

The research and executive brief can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices