New Bluekit Phishing Kit Features AI Assistant

Summary

Varonis has discovered Bluekit, an advanced phishing kit still in active development that offers over 40 website templates, automated domain registration, AI-powered campaign drafting, voice cloning, and support for geolocation emulation and anti-bot cloaking. The kit features a comprehensive dashboard for managing domains, phishing pages, logs, and exfiltration via Telegram, with support for credential harvesting and session state tracking. Although not yet deployed in live campaigns, the rapid pace of feature updates suggests it poses a significant threat if adoption increases.

Full text

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports. Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms, such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho. Varonis says it gained access to Bluekit’s control panel, which revealed access to a dashboard covering domain creation and setup, logs, delivery, and campaign support. The phishing kit uses Telegram as the default exfiltration channel. “Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services,” Varonis notes. The dashboard allows users to select a domain, choose a targeted brand or service, select a mode, and control the site’s behavior regarding login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings.Advertisement. Scroll to continue reading. In addition to supporting session state tracking, Bluekit stores cookies and local storage dumps and provides a live view of logged-in session data, as it handles more than just credential grab. The kit’s AI Assistant has its own panel and exposes multiple model options, likely accessible through jailbroken or permissive instances. When tested, the assistant delivered a structured campaign draft with placeholders rather than ready-to-use content. According to Varonis, Bluekit’s developer is releasing feature and template updates at a rapid pace, but the phishing kit has not yet been used in a live campaign. “Compared with similar phishing kits that have already advanced further into automation and operator convenience, Bluekit still appears to be a kit in active development. The feature set keeps evolving as we track it, and if that pace continues with broader adoption, Bluekit is likely to surface in future campaigns,” Varonis says. Related: Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks Related: Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials Related: Internet Infrastructure TLD .arpa Abused in Phishing Attacks Related: Over 100 Organizations Targeted in ShinyHunters Phishing Campaign Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire SonicWall Urges Immediate Patching of Firewall VulnerabilitiesSAP NPM Packages Targeted in Supply Chain AttackCritical cPanel & WHM Vulnerability Exploited as Zero-Day for Months‘Copy Fail’ Logic Flaw in Linux Kernel Enables System TakeoverFresh LiteLLM Vulnerability Exploited Shortly After DisclosureCheckmarx Confirms Data Stolen in Supply Chain AttackIranian Cyber Group Handala Targets US Troops in BahrainChrome 147, Firefox 150 Security Updates Rolling Out Latest News In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI SurgeTwo US Security Experts Sentenced to Prison for Helping Ransomware GangSophisticated Deep#Door Backdoor Enables Espionage, DisruptionCisco Releases Open Source Tool for AI Model Provenance Hugging Face, ClawHub Abused for Malware DistributionFBI Warns of Surge in Hacker-Enabled Cargo Theft1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveChris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.AutoNation has appointed Brian Fricke as Chief Information Security Officer.More People On The MoveExpert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Bluekit

Entities