Bluekit is a newly discovered phishing kit that bundles over 40 templates, an AI assistant, automated domain registration, anti-bot cloaking, spoofing, voice cloning, and uses Telegram for data exfiltration. Varonis accessed Bluekit’s control panel and found integrated domain and campaign management, session tracking, and rapid feature updates, though the kit remains in active development and has not yet been used in live campaigns. #Bluekit #Varonis
Keypoints
- Bluekit offers more than 40 phishing templates across email, cloud, crypto, retail, and developer platforms.
- The kit includes an AI assistant, voice cloning, anti-bot cloaking, two-factor spoofing, and mail-sending features.
- Operators can buy or connect domains and manage phishing pages, logs, and campaigns from a single dashboard that uses Telegram for exfiltration.
- Bluekit stores cookies and local-storage dumps and provides live views of logged-in session data, not just credential captures.
- Varonis reports the kit is rapidly evolving but still in development and has not yet been observed in live attacks, though wider adoption could change that.
Read More: https://www.securityweek.com/new-bluekit-phishing-kit-features-ai-assistant/