This dangerous new hacker tool makes phishing worryingly easy

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Researchers from cybersecurity company Mandiant released a report on Caffeine after uncovering it recently. They discovered the service while investigating a phishing campaign built with Caffeine that targeted one of the firm’s clients.

Unlike other platforms, Caffeine is open to anyone interested, with no invites or referrals required. Such services also commonly require approval from an admin on a Telegram group or hacking forum, but Caffeine does not apply this screening process either.

Although the majority of PhaaS platforms target western regions, the phishing templates for Caffeine in particular revolve around both Russian and Chinese platforms.

After a threat actor has created their account, they gain access to the Caffeine Store, a central hub featuring tools for setting up phishing campaigns. Of course, the service isn’t offered for free. A subscription license is priced at $250 per month, while the more premium options cost $450 (three months) and $850 (six months).

The subscription tiers for a phishing platform.
Image source: Mandiant/Bleeping Computer

The aforementioned prices are around three to five times higher than an average PhaaS subscription. That said, Caffeine delivers both anti-detection and anti-analysis systems, in addition to customer support.

Once the phishing campaign has been set up, the phishing kit itself (a Microsoft 365 login page) is launched, after which a phishing template has to be selected. Python- or PHP-based email management utilities are also offered for distributing phishing emails to targets.

Mandiant has detailed how to detect phishing emails from Caffeine, but the fact remains that when additional templates are added to Caffeine, it’ll become an even more attractive platform for setting up phishing campaigns. When factoring in the automated aspect of the service, newcomers to PhaaS can launch their cyber attacks with ease.

Scammers have previously attempted to send out fake Microsoft Office USB sticks to infect a target’s system with ransomware.
