New Phishing-as-a-Service Tool Poses Significant Risks
A new phishing-as-a-service tool, known as Caffeine, has become popular among cybercriminals looking to steal data.
New Phishing-as-a-Service Tool Lets Anyone Conduct Phishing
Researchers have warned of a dangerous new kind of phishing-as-a-service (PhaaS) tool that lets cybercriminals conduct phishing by leveraging Microsoft 365.
You may have heard of ransomware-as-a-service (RaaS) before, but phishing-as-a-service is now becoming just as popular. In this venture, malicious actors can pay a fee to access Caffeine’s phishing tool, which they can then use in their own attacks. Caffeine’s rates currently stand at $250 per month, $450 for three months, and $850 for six months.

What’s particularly nefarious about Caffeine is that it doesn’t require invites or referrals for sign-up. This makes the platform accessible to anyone who wants to use it, regardless of their skill level or illicit connections.
Caffeine Offers a Range of Dangerous Features
In a blog post published by cybersecurity firm Mandiant, it was stated that Caffeine “allows users to pick and choose granular configuration settings for use in their credential phishing campaigns”. This feature offers the following:
In the same blog post, Mandiant stated that Caffeine also offers “several options to blacklist IP addresses within CIDR ranges and block connections based on their points of origin”. There is also a Python or PHP-based email management utility offered by Caffeine that allows users to send phishing emails to targets. Cybercriminals can even target Chinese and Russian platforms via Caffeine, an option that isn’t offered by many other services.

While Caffeine isn’t a revolutionary tool in terms of its features, it can certainly do a lot of damage, especially given its ease of accessibility.
Caffeine Puts Microsoft 365 Users at Risk
In Caffeine-based attacks, cybercriminals can compromise Microsoft 365 accounts via the theft of login credentials. This is done via malicious login windows hosted by WordPress.
Through a Microsoft 365 hack, a malicious actor can access all kinds of data, from private communications, to images and videos, to sensitive documents. From here, a cybercriminal could either use the information directly for their own benefit or sell it on an illicit marketplace to other threat actors.

Phishing Continues to Grow in Prevalence
As we entrust more of our data to online accounts, the threat of phishing attacks becomes ever more severe. And, with so many individuals not knowing about key phishing indicators, it can be easy for cybercriminals to swindle victims into unknowingly divulging their sensitive data.