Cybersecurity analysts found a phishing-as-a-service (PhaaS) platform that cybercriminals can access for around $250 per month. The Caffeine phishing kit offers unlimited customer support options, anti-detection features and an anti-analysis option for launching phishing attacks on unsuspecting users.
Experts at American cybersecurity company Mandiant detected Caffeine earlier this March and found that it allowed subscribers to select from various configuration settings to customize their attacks. It also helped create new dynamic URL schemes with malicious payloads and offered options to blacklist specific IP addresses and connections based on their points of origin. The kit also allowed phishers to manage redirect pages and track campaign email activity.
Caffeine follows three main steps. First, it accesses a compromised web administrator user account; next, it exploits the vulnerability in the web infrastructure platforms; and finally, it exploits the web application.
Unlike most other PhaaS platforms, Caffeine offers open registration, making it accessible to anyone seeking to launch a phishing attack. Moreover, acquiring this phishing kit does not require going through the narrow communication channels of underground forums or encrypted messaging services. It can be bought using any email address. Other PhaaS platforms require an endorsement or referral from an existing user; Caffeine can be purchased without such hassles. The Caffeine phishing platform includes the following elements:
For unknown reasons, Caffeine developers have created special phishing email templates earmarked for attacking Chinese and Russian targets.
A case study
Researchers found Caffeine being used in March, targeting a European architectural consulting firm. A malicious email containing a suspicious URL was sent. Further investigation of the email yielded the domain, eduardorodiguez9584[.]ongraphy[.]com, which resolved to IP address 134.209.156[.]27 during the cyber-attack. Further research found that the associated phishing domain of the Caffeine platform was not configured correctly. The developers of this phishing kit have been observed creating newer versions of specific pages to evade detection.