A new SMS phishing tool, DevilTraff, is emerging as a major threat in the cybersecurity landscape, enabling cybercriminals to launch large-scale smishing campaigns with unprecedented ease and efficiency.
This platform’s advanced features, including sender ID spoofing and API automation, make it a potent weapon for orchestrating phishing attacks globally.
DevilTraff is a bulk SMS platform designed to send high volumes of messages, often impersonating trusted organizations like banks or government agencies.
Its core capabilities include:-
For example, a smishing attack might involve a message stating, “Suspicious activity detected on your account. Click here to secure your account.”
Security researchers at SlashNext noted that when victims click the link, they are redirected to a fake website designed to steal their credentials or install malware.
The API integration in DevilTraff is particularly concerning.
With pricing as low as $0.02 per SMS and a $10 minimum deposit, DevilTraff is accessible even to low-level cybercriminals. Its global routes span countries like Turkey, Brazil, France, and Australia, ensuring a wide reach. Private routes are also available for exclusive campaigns targeting specific organizations or individuals.
Smishing attacks powered by platforms like DevilTraff are increasingly sophisticated. They often exploit social engineering tactics to manipulate victims into revealing sensitive information or downloading malware. Common scenarios include:-
Organizations must strengthen their defenses against such threats by adopting advanced anti-phishing solutions. As the anti-phishing solutions provide real-time threat detection and prevention for mobile devices, while multi-factor authentication (MFA) can add an extra layer of security.
Moreover, raising awareness about smishing tactics among employees and individuals is critical. Suspicious messages should be reported immediately using services like 7726 (SPAM) in many countries.
Collect Threat Intelligence with TI Lookup to Improve Your Company’s Security - Get 50 Free Request

source