New Bluekit phishing service includes an AI assistant, 40 templates

New Bluekit phishing service includes an AI assistant, 40 templates By Bill Toulas April 30, 2026 02:58 PM 0 A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. Available templates can be used to target email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger). What makes the kit stand out is the presence of an AI Assistant panel that supports multiple models, including Llama, GPT-4.1, Claude, Gemini, and DeepSeek, which helps cybercriminals draft phishing emails. This reinforces the broader trend of cybercrime platforms integrating AI to streamline and scale their operations. Abnormal Security recently reported about ATHR, a voice phishing platform that leverages AI agents to conduct social engineering attacks. Cybersecurity company Varonis analyzed a limited version of Bluekit's AI Assistant panel and notes that the generated outputs featured placeholder content, suggesting a feature in an early, experimental stage. “The [generated] draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use,” Varonis says. “Bluekit’s AI Assistant looked more like a way to generate a campaign skeleton than a finished phishing flow.” AI models available on BlueKit Source: Varonis Apart from the AI aspect, BlueKit integrates domain purchase/registration, phishing page setup, and campaign management into a single panel. Varonis reviewed templates for iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger, featuring realistic designs and logos. Sample of the offered templates Source: Varonis Operators can select domains, templates, and modes in a unified interface, configure the phishing page behavior, such as redirects, anti-analysis mechanisms, and login process handling, and monitor victim sessions in real-time. Based on the options in the dashboard, users have granular control over the behavior of the phishing pages and can block VPN or proxy traffic, headless user agents, or set fingerprint-based filters. Security options Source: Varonis Stolen data is exfiltrated via Telegram, on private channels accessible by the operators. The post-capture session monitoring includes cookies, local storage, and live session state, showing what the victim was served after login, helping operators refine their attacks for maximum effectiveness. Monitoring post-capture activity from within the dashboard Source: Varonis Varonis comments that Bluekit is yet another example of an “all-in-one” phishing platform, giving lower-tier cybercriminals fully fledged tools to manage the entire phishing attack lifecycle. Recent Bluekit release notes Source: Varonis However, the kit currently appears to be under active development, receiving frequent updates and evolving quickly, making it a good candidate for growing adoption. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: New ATHR vishing platform uses AI voice agents for automated attacks Bubble AI app builder abused to steal Microsoft account credentials Microsoft now lets admins uninstall Copilot on enterprise devices Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery Microsoft increases Zero Day Quest prize pool to $5 million