Caffeine – A new phishing toolkit keeps us awake

Caffeine is a phishing-as-a-service (PhaaS) toolkit. We recently presented EvilProxy, another phishing toolkit. Unlike EvilProxy, Caffeine has a special feature: its registration process is significantly simplified and is reachable from the regular Internet. Anyone who knows the address of the site can register.

The purpose of Caffeine

As a PhaaS, Caffeine does much of the work for potential attackers. Like EvilProxy, it provides up-to-date templates for phishing emails and the pages behind them. For example, extensive templates exist for the Microsoft 365 environment. Mandiant points this out in its detailed study of Caffeine.

Interestingly, templates were not only created for large Western companies, but also for Chinese and Russian companies. These templates enable users to quickly and easily plan phishing campaigns and attack companies.

The difference between Caffeine and EvilProxy

On the whole, Caffeine is not much different from EvilProxy. Both toolkits offer PhaaS and a subscription option. A three-month subscription costs $450, while a six-month Enterprise subscription costs $850. These prices are quite high, but the toolkit explicitly advertises customer support and various anti-detection and anti-analysis features. Unlike EvilProxy, registration is not handled via Telegram. There is also no need to visit darknet forums.

Payment is made in cryptocurrency. Compared to EvilProxy, this lowers the barrier to use once again. URLs can be generated dynamically with variables, which makes detection even more difficult. A large number of settings lets attackers customize their attacks extensively. IP addresses or entire countries can be excluded from the phishing campaigns.

Phishing-as-a-Service becomes even easier to use with Caffeine

The fact that another toolkit for illegal phishing activities has appeared on the market shows how lucrative the phishing business is. Due to the multitude of possibilities, it is becoming increasingly difficult for users to detect phishing. The attacks continue to evolve.

AI-supported phishing will also become a problem in the future. Caffeine does not use any surprisingly new methods here, and phishing-as-a-service is not a new phenomenon either. What is worrying, however, is that the low barriers to entry are tempting more and more potential attackers to carry out illegal attacks and harm companies.

Chris Wojzechowski

My name is Chris Wojzechowski, and a few years ago I completed my master's degree in Internet security in Gelsenkirchen. I am managing partner of AWARE7 GmbH and a trained IT risk manager and IT-Grundschutz practitioner (TÜV), and I hold the audit procedure competence for § 8a BSIG. Our bread-and-butter business is carrying out penetration tests. Beyond that, we advocate a broad understanding of IT security in Europe and for this reason offer the majority of our products free of charge.