This dangerous new hacker tool makes phishing worryingly easy

Setting up phishing campaigns for Microsoft 365 has become a relatively straightforward process due to a phishing-as-a-service (PhaaS) platform named Caffeine.

As reported by Bleeping Computer, the service offers a way for cybercriminals to target individuals in order to obtain access to their Microsoft 365 accounts.

Wachiwit/Shutterstock

Researchers from cybersecurity company Mandiant released a report on Caffeine after uncovering it recently. They discovered the service following an investigation into a phishing campaign derived from Caffeine, which saw threat actors focusing Caffeine’s efforts on one of the firm’s clients.

Unlike other platforms, anyone interested can access Caffeine without the requirement of invites or referrals. Another trait that is common among such services is receiving approval from an admin on a Telegram group or hacking forum. However, this screening process is also not needed by Caffeine.

Although the majority of PhaaS platforms target western regions, the phishing templates for Caffeine in particular revolve around both Russian and Chinese platforms.

After a threat actor has created their account, they gain access to the Caffeine Store, a central hub featuring tools for setting up phishing campaigns. Of course, the service isn’t offered for free. A subscription license is priced at $250 per month, while the more premium options cost $450 (three months) and $850 (six months).

Image source: Mandiant/Bleeping Computer

The aforementioned prices are around three to five times higher than an average PhaaS subscription. That said, it delivers both anti-detection and anti-analysis systems, in addition to customer support.

Once the phishing campaign has been set up, the phishing kit itself — a Microsoft 365 login page — is launched, after which a phishing template has to be selected. A Python or PHP-based email management utility are other convenient tools that are also offered to distribute phishing emails to targets.

Mandiant has detailed how to detect phishing emails from Caffeine, but the fact remains that when additional templates are added to Caffeine, it’ll become an even more attractive platform for setting up phishing campaigns. When factoring in the automated aspect of the service, newcomers to PhaaS can launch their cyber attacks with ease.

Scammers have previously attempted to send out fake Microsoft Office USB sticks to infect a target’s system with ransomware.

Related posts

Latest posts

Swippitt is one of the most creative smartphone accessories I’ve seen in years

What if you never had to charge your smartphone ever again? I recently saw a device called Swippitt that wants to make this a reality, and it's wild.

This phenomenal Acer gaming laptop is $450 off at Best Buy

The Acer Predator Helios is packed with high-end gaming hardware and it's on sale at a great discount right now at Best Buy.

The ever-popular Dell XPS 13 has a massive $700 discount today

The Dell XPS 13 is one of the best laptops around and this particular model with a great screen and plenty of RAM is $700 off for a limited time.

AMD has just quietly launched its cheapest CPU

AMD just quietly launched a new CPU, once again dipping into the previous generation.

Microsoft introduces new ‘pay-as-you-go’ AI agents

Microsoft has released its AI agents feature, small models designed to automate repetitive business tasks, to all of its commercial customers.

Nvidia just announced an app that every PC gamer should install

Nvidia's Project G-Assist is coming in February, and it already has a ton of promise for PC gamers.

Nvidia says the RTX 5080 is ‘about’ 15% faster than the RTX 4080 without DLSS

Nvidia has provided some more concrete performance estimates for its upcoming RTX 50-series graphics cards without DLSS turned on.

Snap up the HP Omen with RTX 4070 while it has a $500 discount

The HP Omen is a good looking gaming laptop with some great hardware. It's currently on sale at HP making it much more affordable than before.

I’m a parent of two. Here’s why I think Pinwheel’s kids’ smartwatch is brilliant

Pinwheel isn't the first kid's smartwatch to hit the scene, but it is the newest — and looks like it could be one of the most impressive yet.

The Galaxy S25 just got a tough new competitor a week before its release

The Samsung Galaxy S25 is almost here, but a week before its release, Honor has released a striking competitor with the Honor Magic 7 Pro.