Researchers from security firm Mandiant uncovered a new Phishing-as-a-Service (PhaaS) solution. The so-called Caffeine platform helps non-technical cybercriminals launch phishing campaigns.

According to the security vendor, Caffeine allows almost anyone to launch phishing campaigns. The platform is generally available instead of the invite-only model that Phishing-as-a-Service solutions typically go for.

Users can easily create an account and gain access to the ‘Caffeine Store’. The online store provides access to a dashboard and the tools required for campaigns. From here, users can sign up for a subscription and get started.

A subscription costs about €258 ($250) per month, €464 ($450) per three months and €876 ($850) per six months, depending on the features used. This makes the platform three to five times more expensive than other PhaaS solutions. In return, Caffeine offers a relatively broad set of features, including anti-detection functionality, anti-analysis functionality and customer service.

Caffeine’s features

One of the tools provides a mechanism for customizing dynamic URL schemes and generating pages that can be pre-filled with victim information.

In addition, the platform provides first-stage redirect pages and final phishing forms for campaigns. Furthermore, IP blocking options are included for geoblocking, CIDR-range-based blocking and more.

Cybercriminals can deploy a phishing kit after setting the key parameters for their campaign. So far, the kit is limited to a knockoff Microsoft 365 login page. One of several phishing templates can be added to the page.

At this time, the templates are solely designed for Russian and Chinese targets, giving the impression that the platform only targets these two countries. Mandiant’s experts expect other templates to become available over time, including templates for Western countries.

Finally, the platform lets cybercriminals use proprietary Python- and PHP-based email tools. As a result, users don’t have to rely on third-party tools to send mass emails to targets.

Countering Caffeine

Mandiant’s software was updated to detect phishing emails sent through the Caffeine platform. Regardless, Mandiant warns that the platform’s users are likely to develop new anti-detection techniques over time, making detection difficult or impossible.