Overview

The introduction of a new cybercrime tool, ErrTraffic, has raised the concerns of the cybersecurity experts because it is facilitating the whole process of dangerous malware attacks. The tool takes over a known attack method which is called ClickFix and it tricks the users into executing the malicious software on their own machines.

What ErrTraffic Does

ErrTraffic does not stealthily install malware but rather makes websites appear useless or unreliable. When a website that has been compromised is accessed by a user, the website displays fake error messages — for instance, 'broken fonts' or 'damaged layouts.' These messages mislead users into thinking that they have to perform some action, such as updating their browser or installing a plug-in, to fix the problem.

The perpetrator's target is to have the victims execute a command manually — usually by copying it and pasting it into PowerShell — which leads to malware installation. The action appears to be user-initiated, hence it can evade a lot of security measures that usually prevent automated malware.

How Attackers Use It

ErrTraffic, which is capable of operating on various platforms, is created in a way that the attacker merely has to add a basic line of JavaScript into the compromised site to initiate the fraud. The JavaScript identifies the visitor's type of device and thus shows him/her respective counterfeit error messages.

The scam tool reappeared in the underground Russian-speaking cybercrime forums in late 2025 where it became available for approximately $800. Purchasers got a complete control panel and scripts to target several web pages and users' systems as well.

Why It’s a Serious Threat

By looking into the real attack data, it has been found that ErrTraffic campaigns can achieve success rates of up to 60%, which indicates that the majority of users experiencing these fake errors will end up executing the code that compromises their device.

When a device has been infected, the attackers are able to take the user's credentials and then use those to compromise even more sites causing a self-perpetuating cycle of attacks. This cycle is what enables the threat actors to quickly broaden their sphere of influence.

How to Stay Safe

The users were warned by the experts not to put their trust in the pop-ups that ask them to execute commands or set up files. The official settings menus or the trusted update tools should always be the source of browser updates and system updates, and not by random error messages displayed on websites.

Browser, extension, and OS upgrades combined with strong endpoint protection can significantly minimize the risk. Being aware of social engineering tactics, which attackers use to trick users instead of exploiting software vulnerabilities, is also crucial for staying secure.