A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following malicious instructions.
The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads.
ClickFix is a social engineering technique where targets are tricked into executing dangerous commands on their systems under believable pretenses, such as fixing technical problems or validating their identity.
It has grown in popularity since 2024, especially this year, as both cybercriminals and state-sponsored actors have adopted it for its effectiveness in bypassing standard security controls.
Automating ClickFix
ErrTraffic is a new cybercrime platform first promoted on Russian-speaking hacking forums earlier this month by someone using the alias LenAI.
It functions as a self-hosted traffic distribution system (TDS) that deploys ClickFix lures and is sold to customers for a one-time purchase of $800.
Service promoted on hacker forums
Source: Hudson Rock
Hudson Rock researchers who analyzed the platform report that it offers a user-friendly panel that provides various configuration options and access to real-time campaign data.
... continue reading