Cybersecurity experts are sounding the alarm over a new SMS-based phishing tool called Devil-Traff, which is being used to carry out large-scale cyberattacks across the globe. The platform has gained popularity among cybercriminals due to its advanced automation and bulk messaging capabilities, allowing attackers to send thousands of fraudulent messages in a short time. These messages, which often impersonate trusted organizations such as banks or IT support, deceive recipients into clicking malicious links or sharing sensitive information, leading to compromised accounts and potential data breaches.
Devil-Traff’s strength lies in its automation features, which allow attackers to launch phishing campaigns with minimal manual effort.
Through API integration, the platform can send high volumes of targeted messages across multiple countries in minutes. It also uses macros to optimize delivery rates and bypass spam filters, ensuring a higher success rate for phishing attempts. The tool’s affordability, with costs as low as $0.02 per message, makes it an attractive option for cybercriminals, further driving its adoption.
The tool’s customizable sender IDs and support for “black content” enable attackers to impersonate trusted brands, such as PayPal or government offices, enhancing the credibility of their attacks. For example, a victim might receive a message appearing to be from PayPal Support, warning of suspicious activity and prompting them to click on a fraudulent link. Another common method involves intercepting one-time passwords (OTPs), where attackers trick victims into revealing their OTPs and bypassing two-factor authentication (2FA), gaining unauthorized access to accounts.
As SMS phishing attacks become more sophisticated, experts stress the need for organizations and individuals to stay vigilant and implement strong security measures. Devil-Traff serves as a stark reminder that cybersecurity must evolve in response to the growing threats posed by such tools. In today’s hyper-connected world, even a single click on a malicious link can lead to severe consequences, highlighting the importance of remaining cautious and proactive in the face of ever-evolving cyber threats.