Cybersecurity experts are sounding the alarm about a new SMS-based phishing tool, Devil-Traff, that is enabling large-scale cyberattacks worldwide.
By exploiting trust and leveraging advanced automation, this malicious platform empowers attackers to conduct high-volume phishing campaigns with devastating results.
How Phishing Works Through SMS
Imagine an employee receives a seemingly legitimate text message from their bank: “Suspicious activity detected on your account.
Click here to secure your account.” Or perhaps a message mimicking IT support: “Your password will expire soon. Click here to reset it.”
At first glance, these messages appear credible, often tricking recipients into clicking malicious links or sharing sensitive information.
Using tools like Devil-Traff, cybercriminals can send thousands of such fraudulent messages within minutes.
A single misstep—such as entering credentials into a phishing site—can lead to compromised accounts, unauthorized access to sensitive systems, or even large-scale data breaches.
What Is Devil-Traff?
As per a report by Slash Next, Devil-Traff is a bulk SMS service that has become a favorite amongst cybercriminals.
Its features include customizable sender IDs, API integration for automated campaigns, and support for “black content,” which refers to malicious or illegal messaging.
These capabilities allow attackers to impersonate trusted organizations such as banks, government offices, or tech companies.
For example, cybercriminals might send messages appearing to be from “PayPal Support,” alerting users to suspicious activity and urging them to click a fraudulent link.
Another common attack involves intercepting one-time passwords (OTPs). By posing as service providers, attackers can trick victims into revealing OTPs, bypassing two-factor authentication (2FA), and gaining access to sensitive accounts.
Devil-Traff’s primary strength lies in its advanced automation and scalability. Through API integration, attackers can automate entire phishing campaigns with minimal manual effort, sending thousands of SMS messages across multiple countries in minutes.
The platform also uses macros to optimize delivery rates and bypass spam filters, ensuring a higher success rate for phishing attempts.
At a cost as low as $0.02 per message, Devil-Traff is an affordable and highly efficient tool for cybercriminals.
The popularity of bulk SMS platforms like Devil-Traff is rising within cybercrime forums, where users exchange tips, phone number databases, and strategies for optimizing campaigns.
These marketplaces even offer private routes—for example, using specific sender IDs such as “Binance Support”—to maximize the effectiveness of targeted attacks.
As SMS phishing attacks increase in sophistication, experts urge organizations and individuals to remain vigilant.
In a hyper-connected world, it only takes one click to compromise a network. Platforms like Devil-Traff serve as a stark reminder that cybersecurity must evolve as quickly as the threats it seeks to combat.
Collect Threat Intelligence with TI Lookup to improve your company’s security - Get 50 Free Request
