
The official sales thread for Devil-Traff SMS platform | Source: SlashNext
Security researcher Daniel Kelley at SlashNext has unveiled a new threat to cybersecurity: Devil-Traff, a bulk SMS platform increasingly exploited by cybercriminals to launch large-scale phishing campaigns.
Kelley’s report reveals how Devil-Traff’s features, such as sender ID customization, API integration, and support for “black content,” are being misused to deliver thousands of fraudulent messages in minutes. Attackers leverage these capabilities to impersonate trusted organizations like banks or government agencies, tricking victims into clicking malicious links or revealing sensitive information like one-time passwords (OTPs).
“By enabling mass phishing campaigns and other malicious operations at a low cost, Devil-Traff exemplifies the role of bulk SMS platforms in modern cybercrime,” warns Kelley.
The report highlights the platform’s user-friendly interface and sophisticated tools, including macros that optimize delivery rates and bypass spam filters. This accessibility, coupled with affordable pricing (starting at $0.02 per SMS), makes Devil-Traff an attractive tool for cybercriminals.
Kelley’s investigation also uncovered a thriving online community where users share tips on maximizing the effectiveness of Devil-Traff for malicious purposes. This collaborative environment further fuels the platform’s misuse and contributes to the growing threat of SMS-based phishing attacks.
Organizations and individuals must be vigilant and take necessary precautions to protect themselves from such attacks.