Caffeine - A new phishing toolkit keeps us awake

A new toolkit has appeared, Caffeine. The registration process has been significantly simplified and moved to the Clear Web.

Chris Wojzechowski, Managing Partner
Updated: March 21, 2025 · 2 min read

TL;DR

Caffeine is a Phishing-as-a-Service (PhaaS) toolkit notable for its unusually low entry barrier: registration is open on the regular internet without needing Telegram or darknet forums. Subscriptions cost $450 for three months or $850 for a six-month enterprise plan and include ready-made phishing templates for Microsoft 365 as well as for Chinese and Russian companies, along with dynamic URL generation, anti-detection features, and customer support. Caffeine lowers the skill threshold for launching phishing campaigns, reflecting a broader trend of commoditized cybercrime tools.

Caffeine is a phishing-as-a-service (PhaaS) toolkit. Just recently, we presented EvilProxy, another phishing toolkit. Unlike EvilProxy, Caffeine has a special feature: the registration process is significantly simplified and is accessible from the normal Internet. Anyone who knows the address of the site can register.

The purpose of Caffeine

As a PhaaS, Caffeine does much of the work for potential attackers. As with EvilProxy, it comes with current templates for phishing emails and the pages behind them, including extensive templates for the Microsoft 365 environment. Mandiant points this out in its detailed study of Caffeine.

Interestingly, templates were not only created for large Western companies, but also for Chinese and Russian companies. These templates enable users to quickly and easily plan phishing campaigns and attack companies.

The difference between Caffeine and EvilProxy

On the whole, Caffeine is not much different from EvilProxy. Both toolkits offer PhaaS and a subscription option. A three-month subscription costs $450, while a six-month Enterprise subscription costs $850. These prices are quite high, but the toolkit explicitly advertises customer support and various anti-detection and anti-analysis features. Unlike EvilProxy, registration is not handled via Telegram. There is also no need to visit darknet forums.

Payment is made in cryptocurrency. Compared to EvilProxy, the barrier to use is thus reduced once again. URLs can be dynamically generated with variables, making detection even more difficult. A large number of settings lets attackers heavily customize their attacks. IP addresses or entire countries can be excluded from the phishing campaigns.
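Because every recipient can receive a different URL, blocking or alerting on exact URL strings misses the rest of a campaign; grouping proxy-log URLs by their structure is one way to surface it. The following is an added example, not part of the original article or of Mandiant's study: the log lines, host names, masking rules and the `min_users` threshold are constructed assumptions and do not reflect Caffeine's actual URL format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy-log sample: (user, clicked URL). Hosts use the reserved .example TLD.
SAMPLE_LOG = [
    ("alice", "https://login.portal.example/a8f3c1d2e4/auth?id=dXNlci1hbGljZS0wMDAx&t=1665400001"),
    ("bob",   "https://login.portal.example/07bd99e1f2/auth?id=dXNlci1ib2ItMDAwMDAy&t=1665400417"),
    ("carol", "https://login.portal.example/c41e77a0b9/auth?t=1665400950&id=dXNlci1jYXJvbC0wMDAz"),
    ("alice", "https://intranet.corp.example/wiki/Home"),
    ("bob",   "https://intranet.corp.example/wiki/Home"),
    ("carol", "https://intranet.corp.example/wiki/Home"),
    ("bob",   "https://shop.example/item/12345?ref=mail"),
]

# Path segments that look machine-generated are replaced by a placeholder (assumed rules).
TOKEN_RULES = [
    (re.compile(r"^\d+$"), "<num>"),
    (re.compile(r"^[0-9a-fA-F]{8,}$"), "<hex>"),
    (re.compile(r"^[A-Za-z0-9_-]{16,}$"), "<blob>"),
]

def mask(segment):
    for pattern, label in TOKEN_RULES:
        if pattern.match(segment):
            return label
    return segment

def url_shape(url):
    """Reduce a URL to host + masked path + sorted query keys (values dropped)."""
    parts = urlsplit(url)
    path = "/".join(mask(seg) for seg in parts.path.split("/"))
    keys = sorted({key for key, _ in parse_qsl(parts.query, keep_blank_values=True)})
    query = "&".join(f"{key}=<v>" for key in keys)
    return f"{parts.hostname}{path}" + (f"?{query}" if query else "")

def per_recipient_shapes(events, min_users=3):
    """Shapes hit by >= min_users users where no full URL was shared by two users."""
    users_by_url = defaultdict(lambda: defaultdict(set))
    for user, url in events:
        users_by_url[url_shape(url)][url].add(user)
    flagged = {}
    for shape, urls in users_by_url.items():
        users = set().union(*urls.values())
        if len(users) >= min_users and all(len(u) == 1 for u in urls.values()):
            flagged[shape] = len(urls)
    return flagged

if __name__ == "__main__":
    for shape, count in per_recipient_shapes(SAMPLE_LOG).items():
        print(f"{count} distinct URLs, one per user: {shape}")
```

A flagged shape is a lead for review, not a verdict: legitimate services such as password-reset or newsletter tracking links also issue one URL per recipient.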

Phishing-as-a-Service becomes even easier to use with Caffeine

The fact that another toolkit for illegal phishing activities has appeared on the market shows how lucrative the phishing business is. Due to the multitude of possibilities, it is becoming increasingly difficult for users to detect phishing. The attacks continue to evolve.

AI-supported phishing will also become a problem in the future. Caffeine does not use any surprisingly new methods here. Phishing-as-a-service is also not a new phenomenon. What is worrying, however, is that the low barriers to entry are tempting more and more potential attackers to carry out illegal attacks and harm companies.
