Bluekit phishing-as-a-service has expanded with nearly 70 new hostnames and a browser-in-the-middle approach that uses rrweb to relay legitimate login pages while stealing session tokens. The platform also includes AI-assisted phishing email drafting, advanced victim filtering, and anti-analysis checks to evade researchers and security tools. #Bluekit #rrweb #Varonis #Netcraft
Key points
- Bluekit added nearly 70 new hostnames in the past week.
- The platform now uses a browser-in-the-middle technique for data theft.
- Bluekit's AI assistant supports multiple large language models for phishing emails.
- Its anti-analysis features include fingerprinting, CAPTCHA, and WebRTC IP mismatch checks.
- Bluekit can monitor victims live and capture valid session tokens after login.