ErrTraffic is a ClickFix distribution framework sold as a service by the threat actor known as 'LenAI'. It primarily targets visitors to compromised WordPress sites, and developers via fake AI platforms. Attackers inject malicious JavaScript that displays deceptive lures, such as fake CAPTCHA prompts, to trick users into executing PowerShell commands that lead to payload downloads. ErrTraffic uses 'EtherHiding' via the Polygon blockchain for command and control (C2) to remain hidden and evade detection.
It is a growing Malware-as-a-Service (MaaS) offering with increasing subscription costs. Defensive measures include enabling PowerShell logging, auditing plugins, and enforcing strong authentication.
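One way to act on the PowerShell logging recommendation, as an added example that is not taken from the original report: the script below audits and enables Script Block and Module Logging through the policy registry keys, then reviews recent Event ID 4104 records for download-related commands. The `$downloadPatterns` list and the 500-event window are assumptions chosen for illustration and should be tuned to the environment.

```powershell
#Requires -RunAsAdministrator
# Added example: audit/enable PowerShell logging, then review script block events.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$settings = @(
    @{ Key = "$base\ScriptBlockLogging";        Name = 'EnableScriptBlockLogging'; Value = 1;   Type = 'DWord'  },
    @{ Key = "$base\ModuleLogging";             Name = 'EnableModuleLogging';      Value = 1;   Type = 'DWord'  },
    # Log pipeline execution details for every module.
    @{ Key = "$base\ModuleLogging\ModuleNames"; Name = '*';                        Value = '*'; Type = 'String' }
)

foreach ($s in $settings) {
    $current = (Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($current -eq $s.Value) {
        Write-Output "OK       $($s.Key) [$($s.Name)]"
        continue
    }
    # Create the key only when it is missing so existing values are left untouched.
    if (-not (Test-Path -Path $s.Key)) {
        New-Item -Path $s.Key -Force | Out-Null
    }
    New-ItemProperty -Path $s.Key -Name $s.Name -Value $s.Value `
        -PropertyType $s.Type -Force | Out-Null
    Write-Output "ENABLED  $($s.Key) [$($s.Name)]"
}

# Assumption: generic download/execute cmdlets and aliases worth a closer look.
# These are not indicators published for ErrTraffic.
$downloadPatterns = 'Invoke-WebRequest|Invoke-RestMethod|DownloadString|DownloadFile|' +
                    'Start-BitsTransfer|Invoke-Expression|\biwr\b|\birm\b|\biex\b'

# Event ID 4104 carries the script block text once Script Block Logging is on.
$filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $downloadPatterns } |
    Select-Object TimeCreated, UserId,
        @{ Name = 'Snippet'; Expression = {
            $_.Message.Substring(0, [Math]::Min(200, $_.Message.Length))
        } } |
    Format-List
```

Matches will include legitimate administrative scripts, so treat the output as a review queue rather than an alert feed.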