New Errtraffic Service Enables Clickfix Attacks Via Fake Browser...

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions.

The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads.

ClickFix is a social engineering technique where targets are tricked into executing dangerous commands on their systems under believable pretenses, such as fixing technical problems or validating their identity.

It has grown in popularity since 2024, especially this year, as both cybercriminals and state-sponsored actors have adopted it for its effectiveness in bypassing standard security controls.

ErrTraffic is a new cybercrime platform first promoted on Russian-speaking hacking forums earlier this month by someone using the alias LenAI.

It functions as a self-hosted traffic distribution system (TDS) that deploys ClickFix lures and is sold to customers for a one-time purchase of $800.

Hudson Rock researchers who analyzed the platform report that it offers a user-friendly panel that provides various configuration options and access to real-time campaign data.

The attacker must already control a website that accepts victim traffic, or has injected malicious code into a legitimate, compromised website, and then add ErrTraffic to it via an HTML line.

The site’s behavior remains the same for regular visitors who do not match the targeting criteria, but when geolocation and OS fingerprinting conditions are met, the page’s DOM is modified to display a visual glitch.

The issues may include corrupted or illegible text, font replacement with symbols, fake Chrome updates, or missing system font errors.

Source: BleepingComputer