ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution
released on 2024-07-02 @ 03:45:10 PM
This intelligence report analyzes ONNX Store, a phishing-as-a-service platform that targets financial institutions with QR codes embedded in PDF attachments, which redirect victims to phishing sites. The report details the platform's features, including two-factor authentication bypass, realistic Microsoft 365 phishing pages, and the use of Cloudflare to evade detection. It assesses with high confidence that ONNX Store is a rebranding of the Caffeine phishing kit, likely developed and maintained by the Arabic-speaking threat actor MRxC0DER. The report also covers prevention strategies and detection opportunities, and provides indicators of compromise.