Caffeine is a phishing-as-a-service (Phaas) toolkit. Just recently, we presented EvilProxy, a phishing toolkit. Unlike EvilProxy, Caffeine has a special feature: the registration process is significantly simplified and is accessible from the normal Internet. Anyone who knows the address of the site can register.
The purpose of Caffeine
As a PhaaS, Caffeine does much of the work for potential attackers. Similar to EvilProxy, current templates for phishing emails and the pages behind them are stored. Thus, extensive templates exist for the Microsoft 365 environment. Mandiant points out this fact in his detailed study of Caffeine.
Interestingly, templates were not only created for large Western companies, but also for Chinese and Russian companies. These templates enable users to quickly and easily plan phishing campaigns and attack companies.
The difference between Caffeine and EvilProxy
On the whole, Caffeine is not much different from EvilProxy. Both toolkits offer PhaaS and a subscription option. A three-month subscription costs $450, while a six-month Enterprise subscription costs $850. These prices are quite high, but the toolkit explicitly advertises customer support and various anti-detection and anti-analysis features. Unlike EvilProxy, registration is not handled via Telegram. There is also no need to visit darknet forums.
Payment is made via a cryptocurrency. Compared to EvilProxy, the barrier to use is thus reduced once again. URLs can be dynamically generated with variables, making detection even more difficult. With a large number of settings, the toolkit offers attackers the possibility to strongly customize their attacks. IP addresses or entire countries can be excluded from the phishing campaigns.
Phishing-as-a-Service becomes even easier to use with Caffeine
The fact that another toolkit for illegal phishing activities has appeared on the market shows how lucrative the phishing business is. Due to the multitude of possibilities, it is becoming increasingly difficult for users to detect phishing. The attacks continue to evolve.
AI-supported phishing will also become a problem in the future. Caffeine does not use any surprisingly new methods here. Phishing-as-a-service is also not a new phenomenon. What is worrying, however, is the development that more and more potential attackers are being tempted by the low barriers to entry to carry out illegal attacks and harm companies.