We’re seeing a “Missing Font” ClickFix chain in the wild.
Flow:
1️⃣ Fake “Missing Font” prompt
2️⃣ Leads to a BSOD-style recovery screen
3️⃣ Prompts users to open Terminal/PowerShell directly (skipping the Run dialog) and execute commands
This variant leans into a more convincing multi-step user flow compared to typical ClickFix lures.
Curious if others are seeing similar activity?
@TheDFIRReport ErrTraffic have fake missing font template (aka GlitchFix) and is still very active nowadays.
https://censys.com/blog/errtraffic-inside-glitchfix-attack-panel/
I find the second one similar to JackFix:
https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/
(I hate all these names)
What is ErrTraffic? ErrTraffic is a Traffic Distribution System (TDS) designed specifically for ClickFix-like campaigns. If you’re not familiar with ClickFix, it’s a social engineering technique where attackers display fake error messages or update prompts to trick users into running malicious commands and/or downloading malware. ErrTraffic takes it further by actually breaking the page visually […]
Oneironaut
The DFIR Report
Bongoknight