Skip to main content

This dangerous new hacker tool makes phishing worryingly easy

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Computer user touching on Microsoft word icon to open the program.

Researchers from cybersecurity company Mandiant released a report on Caffeine after uncovering it recently. They discovered the service following an investigation into a phishing campaign derived from Caffeine, which saw threat actors focusing Caffeine’s efforts on one of the firm’s clients.

Unlike other platforms, anyone interested can access Caffeine without the requirement of invites or referrals. Another trait that is common among such services is receiving approval from an admin on a Telegram group or hacking forum. However, this screening process is also not needed by Caffeine.

Although the majority of PhaaS platforms target western regions, the phishing templates for Caffeine in particular revolve around both Russian and Chinese platforms.

After a threat actor has created their account, they gain access to the Caffeine Store, a central hub featuring tools for setting up phishing campaigns. Of course, the service isn’t offered for free. A subscription license is priced at $250 per month, while the more premium options cost $450 (three months) and $850 (six months).

The subscription tiers for a phishing platform.
Image source: Mandiant/Bleeping Computer Image used with permission by copyright holder

The aforementioned prices are around three to five times higher than an average PhaaS subscription. That said, it delivers both anti-detection and anti-analysis systems, in addition to customer support.

Once the phishing campaign has been set up, the phishing kit itself — a Microsoft 365 login page — is launched, after which a phishing template has to be selected. A Python or PHP-based email management utility are other convenient tools that are also offered to distribute phishing emails to targets.

Mandiant has detailed how to detect phishing emails from Caffeine, but the fact remains that when additional templates are added to Caffeine, it’ll become an even more attractive platform for setting up phishing campaigns. When factoring in the automated aspect of the service, newcomers to PhaaS can launch their cyber attacks with ease.

Scammers have previously attempted to send out fake Microsoft Office USB sticks to infect a target’s system with ransomware.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Asus ROG Ally X vs. Steam Deck OLED: Has the champion been dethroned?
The Asus ROG Ally X console.

It's not much of an overstatement to say that when Valve released the original Steam Deck, it started a real handheld PC revolution. Launching the Steam Deck OLED only emphasized that while there may be other, more powerful consoles on the market now, Valve's offering still stands strong against the competition. But can it hold its ground against the Asus ROG Ally X?

The two handhelds have more in common than it might seem at first glance. While both are refreshes, neither is a full-blown version 2.0. How do they stack up against each other, though? We've reviewed both ourselves, so we now know the answer to that question. Read our comparison to find out which device wins in a battle between the Asus ROG Ally X and the Steam Deck OLED.

Read more
The best 5K monitors you can buy for max resolution
A person using the Dell UltraSharp 40 U4025QW 40-inch curved Thunderbolt hub monitor with a Dell laptop on a desk.

We all know that 5K monitors come with a relatively steep price tag. However, they remain a top choice among serious creative professionals, including photographers, videographers, filmmakers, and graphic designers. These displays not only deliver exceptionally sharp and detailed imagery but also feature high-end, factory-calibrated panels to ensure precise color reproduction.

A true 5K resolution is defined as 5120 by 2880 pixels, with many manufacturers emphasizing the horizontal pixel count. It's important to note that only a few monitors offer this exact resolution. Therefore, we have compiled a list of the top monitors that also provide a 5K2K resolution (5120 by 2160 pixels).

Read more
The popular HP Omen gaming PC has a $700 discount today — 34% off!
HP Omen 45L sitting on a table.

If you're planning to buy a new gaming PC, we highly recommend checking out HP's offer for the HP Omen 45L. This configuration with the Nvidia GeForce RTX 4060 Ti graphics card, which usually sells for $2,050, is down to $1,340 following a 34% discount. That's $710 in savings that you won't find anywhere else, and that you may miss if you take too long thinking whether or not you should take advantage of this bargain. You're going to regret it if you let this opportunity slip through your fingers, so you should proceed with your purchase immediately.

Why you should buy the HP Omen 45L gaming desktop
For those thinking about upgrading their gaming PC, you can't go wrong with the popular HP Omen 45L. The machine promises high-quality gaming performance with the Nvidia GeForce RTX 4060 Ti, which sits at the sweet spot for higher-end graphics cards, according to our guide on how to buy a gaming desktop. Combined with the 13th-generation Intel Core i7 processor and 16GB of RAM, you're going to get a gaming PC that will be able to run the best PC games without any issues, albeit not at their highest settings. You may need to install better components in the future once the upcoming PC games of a few years down the line arrive, but that will be easy to do with the tool-less design of the HP Omen 45L.

Read more