New Bluekit Phishing Kit Features AI Assistant

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports. Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms, such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho. Varonis says it gained access to Bluekit’s control panel, which revealed access to a dashboard covering domain creation and setup, logs, delivery, and campaign support. The phishing kit uses Telegram as the default exfiltration channel. “Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services,” Varonis notes. The dashboard allows users to select a domain, choose a targeted brand or service, select a mode, and control the site’s behavior regarding login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings. In addition to supporting session state tracking, Bluekit stores cookies and local storage dumps and provides a live view of logged-in session data, as it handles more than just credential grab. The kit’s AI Assistant has its own panel and exposes multiple model options, likely accessible through jailbroken or permissive instances. When tested, the assistant delivered a structured campaign draft with placeholders rather than ready-to-use content. According to Varonis, Bluekit’s developer is releasing feature and template updates at a rapid pace, but the phishing kit has not yet been used in a live campaign. “Compared with similar phishing kits that have already advanced further into automation and operator convenience, Bluekit still appears to be a kit in active development. The feature set keeps evolving as we track it, and if that pace continues with broader adoption, Bluekit is likely to surface in future campaigns,” Varonis says. Related: Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks Related: Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials Related: Internet Infrastructure TLD .arpa Abused in Phishing Attacks Related: Over 100 Organizations Targeted in ShinyHunters Phishing Campaign WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire SonicWall Urges Immediate Patching of Firewall Vulnerabilities SAP NPM Packages Targeted in Supply Chain Attack Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure Checkmarx Confirms Data Stolen in Supply Chain Attack Iranian Cyber Group Handala Targets US Troops in Bahrain Chrome 147, Firefox 150 Security Updates Rolling Out Latest News In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability  Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge Two US Security Experts Sentenced to Prison for Helping Ransomware Gang Sophisticated Deep#Door Backdoor Enables Espionage, Disruption Cisco Releases Open Source Tool for AI Model Provenance  Hugging Face, ClawHub Abused for Malware Distribution FBI Warns of Surge in Hacker-Enabled Cargo Theft 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting. Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer. AutoNation has appointed Brian Fricke as Chief Information Security Officer. More People On The Move Expert Insights The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Email