SilentPush has detailed DriveSurge, a threat actor running large-scale malware-distribution campaigns by compromising thousands of websites and using ClickFix and FakeUpdates social engineering. ClickFix tricks visitors into copying and running malicious commands under the pretense of fixing a technical issue; FakeUpdates uses fraudulent browser-update prompts. DriveSurge operates primarily as an initial-access broker on a pay-per-install model, enabling follow-on attacks by other criminals. Compromised-site visitors are routed through a Traffic Distribution System called zTDS that profiles them before redirecting to malware-delivery infrastructure. The model lets DriveSurge monetize hijacked traffic at scale while downstream actors deploy infostealers, loaders, or ransomware. The campaign overlaps with the broader ClickFix surge across the ecosystem.