Caffeine phishing.
Oct 12, 2022

Mandiant researchers describe a new offering in the C2C market.

Mandiant describes a phishing-as-a-service (PhaaS) platform called “Caffeine,” which is surprisingly accessible and available to anyone on the Internet who knows the URL for its website:

“Unlike most PhaaS platforms Mandiant encounters, Caffeine is somewhat unique in that it features an entirely open registration process, allowing just about anyone with an email to register for their services instead of working directly through narrow communication channels (such as underground forums or encrypted messaging services) or requiring an endorsement or referral through an existing user. Additionally, to seemingly maximize support for a variety of clientele, Caffeine also provides phishing email templates earmarked for use against Chinese and Russian targets; a generally uncommon and noteworthy feature of the platform.”

The researchers add that Caffeine’s developers are actively working to expand its capabilities:

“It is possible to register for an account with no significant disclosure of information and no external validation mechanisms (such as endorsement through other existing Caffeine users) to access the site. Once registered, a new Caffeine user is then directed to the service’s main index page to begin their phishing voyages. It is worth noting that over the course of its investigation into the Caffeine platform, Managed Defense observed Caffeine’s administrators announce several key platform improvements via the Caffeine news feed, including feature updates and expansions of their accepted cryptocurrencies.”

BleepingComputer notes that the phishing kit will continue to grow more effective as its developers add more phishing templates to its repertoire.