ErrTraffic Service Enables ClickFix Attacks via Fake Browser Glitches

What happened

The ErrTraffic service enables ClickFix attacks by generating fake browser error messages on compromised websites to trick users into running malicious commands, leading to malware installation. The tool is sold as a service and supports multiple operating systems, including Windows, macOS, Linux, and Android.

Who is affected

Organizations with public-facing websites and users who visit compromised pages are at risk. Attackers can abuse trusted sites to distribute malware, potentially leading to credential theft, data compromise, and endpoint infections inside corporate environments.

Why CISOs should care

ClickFix attacks blend social engineering with technical deception, bypassing traditional phishing defenses. This technique increases the likelihood of user-initiated compromise from otherwise legitimate websites, expanding the attack surface beyond email-based threats.

3 practical actions

1. Web integrity monitoring: Detect unauthorized script injections or page behavior changes on corporate websites.
2. User awareness training: Educate users to distrust browser prompts requesting manual command execution.
3. Endpoint execution controls: Restrict unauthorized script and command execution on endpoints.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity