A new SMS phishing tool, DevilTraff, is emerging as a major threat in the cybersecurity landscape, enabling cybercriminals to launch large-scale smishing campaigns with unprecedented ease and efficiency.
This platform’s advanced features, including sender ID spoofing and API automation, make it a potent weapon for orchestrating phishing attacks globally.
.webp)
DevilTraff is a bulk SMS platform designed to send high volumes of messages, often impersonating trusted organizations like banks or government agencies.
Its core capabilities include:-
- Sender ID Customization: Attackers can manipulate the sender ID to appear as legitimate entities, such as “PayPal Support” or “Bank Alerts,” tricking victims into trusting the messages.
- API Integration: This feature allows seamless automation of phishing campaigns, enabling thousands of messages to be sent with minimal manual effort.
- Macros for Optimization: These tools help bypass spam filters and increase delivery rates across different regions.
- Support for Black Content: The platform facilitates sending malicious links or messages that would typically be flagged by telecom providers.
For example, a smishing attack might involve a message stating, “Suspicious activity detected on your account. Click here to secure your account.”
Security researchers at SlashNext noted that when victims click the link, they are redirected to a fake website designed to steal their credentials or install malware.
The API integration in DevilTraff is particularly concerning.
.webp)
Global Reach and Affordability
With pricing as low as $0.02 per SMS and a $10 minimum deposit, DevilTraff is accessible even to low-level cybercriminals. Its global routes span countries like Turkey, Brazil, France, and Australia, ensuring a wide reach. Private routes are also available for exclusive campaigns targeting specific organizations or individuals.
Smishing attacks powered by platforms like DevilTraff are increasingly sophisticated. They often exploit social engineering tactics to manipulate victims into revealing sensitive information or downloading malware. Common scenarios include:-
- OTP interception attacks that bypass two-factor authentication.
- Fake package delivery notifications during peak shopping seasons.
- Impersonation of IT support teams to harvest login credentials.
Organizations must strengthen their defenses against such threats by adopting advanced anti-phishing solutions. As the anti-phishing solutions provide real-time threat detection and prevention for mobile devices, while multi-factor authentication (MFA) can add an extra layer of security.
Moreover, raising awareness about smishing tactics among employees and individuals is critical. Suspicious messages should be reported immediately using services like 7726 (SPAM) in many countries.
Collect Threat Intelligence with TI Lookup to Improve Your Company’s Security - Get 50 Free Request
