Experts warn that a new Phishing-as-a-Service (Phaas) platform might provide even inexperienced hackers the tools they need to handle potentially disastrous attacks against Microsoft 365.
According to mandiant, "Caffeine" removes quite the friction that is common in competing services, making it problematic in stealing passwords (opens in a new tab) and other sensitive data.
While both fairly expensive, it also comes with plenty of advanced features and provides templates for Chinese and Russian victims.
Caffeine hit
According to the research, the new platform does not require referrals or invitations, for users to become members.
There is no need for admin approval via Telegram or hacking forums, but users must complete their own registration and pay for a subscription fee, which they are good to go. When it comes to licenses, there are three options: a monthly subscription costing $250, a three-month package costing $450, and a six-month one worth $850.
Caffeine is priced at around 3-5 times the usual PhaaS, but customers get them in return are anti-detection and anti-analysis systems, as well as customer support. Caffeine also includes a host of advanced phishing features, including customization for dynamic URL schemas, first-stage campaign redirect pages, final lure pages, and IP blocklisting options that can be blocked per location, or CIDR range.
While investigating a large-scale phishing investigation, Mandiant claims it received Caffeine (opens in a new tab) Microsoft 365 account credentials. While the service has templates for Chinese and Russian markets, researchers anticipate additional features to be introduced soon.
According to reports, customers may reduce on external tools by using Python or PHP email management utility tools.
Phishing is still the number one attack vector for most successful attacks these days, with thieves constantly reinventing themselves and discovering new methods to distribute viruses and malware. Recent research revealed crooks using multiple fake email addresses and engaging in entire fake conversations with themselves, only adding the victim to the CC to build trust. They would only engage with the victim at a later stage, once any concern about the legitimacy of the conversation was removed.