#TDR analysts published a new report detailing #ErrTraffic, a widespread #ClickFix malware distribution framework.

ErrTraffic injects malicious JavaScript into compromised WordPress sites and actor-controlled malicious sites to serve ClickFix lures.

https://blog.sekoia.io/unveiling-errtraffic-inside-a-growing-clickfix-malware-distribution-framework/

The ErrTraffic MaaS offering includes:

- The EtherHiding technique to retrieve the C2 from Polygon smart contracts
- A Traffic Distribution System (TDS) to filter unwanted traffic
- Various ClickFix lures
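
To make the EtherHiding item concrete, here is an added example (not Sekoia's code and not ErrTraffic's actual loader) of the mechanism: an injected script issues a read-only `eth_call` to a public Polygon JSON-RPC endpoint against a contract getter, and the ABI-encoded `string` it gets back is the C2 address. The contract address, function selector, RPC endpoint and C2 value below are placeholders, and the RPC response is constructed inline so the block runs offline.

```javascript
// Added example: EtherHiding-style C2 retrieval over eth_call.
// CONTRACT and SELECTOR are hypothetical placeholders, not real indicators.
const CONTRACT = "0x" + "11".repeat(20);          // assumed contract address
const SELECTOR = "0x12345678";                     // assumed 4-byte getter selector

// JSON-RPC body the loader would POST to a public RPC endpoint. eth_call is a
// free read: no transaction, no gas, no wallet, so nothing on-chain records it.
function buildEthCallRequest(contract, selector) {
  return {
    jsonrpc: "2.0",
    id: 1,
    method: "eth_call",
    params: [{ to: contract, data: selector }, "latest"],
  };
}

// ABI encoding of a Solidity `string` return value: a 32-byte offset (0x20),
// a 32-byte byte length, then the UTF-8 bytes right-padded to a 32-byte word.
function abiEncodeString(s) {
  const bytes = Buffer.from(s, "utf8");
  const word = (n) => n.toString(16).padStart(64, "0");
  const padLen = (32 - (bytes.length % 32)) % 32;
  const padded = Buffer.concat([bytes, Buffer.alloc(padLen)]);
  return "0x" + word(32) + word(bytes.length) + padded.toString("hex");
}

// Decode the blob back to a string, with the bounds checks a malicious loader
// usually omits but an analyst replaying captured RPC traffic should keep.
function abiDecodeString(hex) {
  const data = Buffer.from(hex.replace(/^0x/, ""), "hex");
  if (data.length < 64) throw new Error("too short for an ABI-encoded string");
  const offset = Number(BigInt("0x" + data.subarray(0, 32).toString("hex")));
  if (offset + 32 > data.length) throw new Error("offset points past payload");
  const length = Number(BigInt("0x" + data.subarray(offset, offset + 32).toString("hex")));
  const start = offset + 32;
  if (start + length > data.length) throw new Error("length exceeds payload");
  return data.subarray(start, start + length).toString("utf8");
}

// Constructed stand-in for the endpoint's reply; the C2 value is a placeholder.
const C2_PLACEHOLDER = "https://c2.example.invalid/gate.php";
const SAMPLE_RPC_RESPONSE = {
  jsonrpc: "2.0",
  id: 1,
  result: abiEncodeString(C2_PLACEHOLDER),
};

// What the injected script does with the reply: turn `result` into the C2.
function extractC2(rpcResponse) {
  if (rpcResponse.error) {
    throw new Error("RPC error: " + JSON.stringify(rpcResponse.error));
  }
  return abiDecodeString(rpcResponse.result);
}

// Stand-alone demo.
console.log("eth_call body:", JSON.stringify(buildEthCallRequest(CONTRACT, SELECTOR)));
console.log("decoded C2:", extractC2(SAMPLE_RPC_RESPONSE));
```

Two practical consequences follow from the shape of that exchange. The operator can rotate the C2 by sending one transaction that updates contract storage, with no change to the injected script on the compromised sites. On the defensive side, browser-originated POSTs to public blockchain RPC endpoints carrying `eth_call` from a page that has no legitimate Web3 functionality are worth alerting on, with the caveat that such endpoints also serve plenty of benign traffic, so the contract address and calling page should be part of the triage.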

LenAI, the operator behind ErrTraffic, sells subscriptions for $380/month.

Our forensic analysis of compromised WordPress servers helped us cluster ErrTraffic activity and map affiliates' TTPs and backdoors.

We notably identified two distinct clusters: "Analytics", operated by a single threat actor, and "Beer", likely operated by LenAI on behalf of its affiliates.

This blog post details the ErrTraffic threat and its associated ecosystem, highlighting three specific campaigns and their operators’ arsenal. Finally, it provides several analytical hypotheses regarding the MaaS operations and the organisation of these affiliate groups.