ErrTraffic Service Enables ClickFix Attacks via Fake Browser Glitches

What happened

The ErrTraffic service enables ClickFix attacks by generating fake browser error messages on compromised websites to trick users into running malicious commands, leading to malware installation. The tool is sold as a service and supports multiple operating systems, including Windows, macOS, Linux, and Android.

Who is affected

Organizations with public-facing websites and users who visit compromised pages are at risk. Attackers can abuse trusted sites to distribute malware, potentially leading to credential theft, data compromise, and endpoint infections inside corporate environments.

Why CISOs should care

ClickFix attacks blend social engineering with technical deception, bypassing traditional phishing defenses. This technique increases the likelihood of user-initiated compromise from otherwise legitimate websites, expanding the attack surface beyond email-based threats.

3 practical actions

  1. Web integrity monitoring: Detect unauthorized script injections or page behavior changes on corporate websites.
  2. User awareness training: Educate users to distrust browser prompts requesting manual command execution.
  3. Endpoint execution controls: Restrict unauthorized script and command execution on endpoints.