Cybersecurity

Bluekit Phishing Kit Integrates AI, Automates Advanced Attacks

By Sentinel News Editorial Team

May 02, 2026 Source: Securityweek 6 views

A sophisticated new phishing kit dubbed Bluekit has emerged, equipped with an integrated AI assistant and robust automation features designed to streamline credential theft and session hijacking. Discovered by Varonis, this rapidly evolving kit offers a comprehensive suite of tools for attackers, signaling a potential shift in the sophistication of readily available phishing tools.

Bluekit features an AI assistant and automated domain registration, streamlining malicious campaign setup for attackers.
It offers over 40 brand templates, 2FA bypass capabilities, session state tracking, voice cloning, and antibot cloaking.
Currently in active development, Bluekit has not yet been deployed in live campaigns but is evolving at a rapid pace.

Intelligence briefing: Why this matters: The integration of AI and extensive automation in phishing kits like Bluekit lowers the barrier for sophisticated attacks, demanding advanced defensive strategies and constant vigilance from IT and military security professionals.

A recently discovered phishing kit provides miscreants with a broad range of capabilities, including an AI assistant and automated domain registration, Varonis reports.

Dubbed Bluekit, it has been advertised as offering over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender.

According to Varonis, the phishing kit contains templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms, such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho.

Varonis says it gained access to Bluekit’s control panel, which revealed access to a dashboard covering domain creation and setup, logs, delivery, and campaign support. The phishing kit uses Telegram as the default exfiltration channel.

“Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services,” Varonis notes.

The dashboard allows users to select a domain, choose a targeted brand or service, select a mode, and control the site’s behavior regarding login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings.

In addition to supporting session state tracking, Bluekit stores cookies and local storage dumps and provides a live view of logged-in session data, as it handles more than just credential grab.

The kit’s AI Assistant has its own panel and exposes multiple model options, likely accessible through jailbroken or permissive instances. When tested, the assistant delivered a structured campaign draft with placeholders rather than ready-to-use content.

According to Varonis, Bluekit’s developer is releasing feature and template updates at a rapid pace, but the phishing kit has not yet been used in a live campaign.

“Compared with similar phishing kits that have already advanced further into automation and operator convenience, Bluekit still appears to be a kit in active development. The feature set keeps evolving as we track it, and if that pace continues with broader adoption, Bluekit is likely to surface in future campaigns,” Varonis says.

Related: Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Related: Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials

Related: Internet Infrastructure TLD .arpa Abused in Phishing Attacks

Analysis

The advent of AI-assisted phishing kits signifies a dangerous democratization of advanced cyber capabilities, potentially enabling less skilled threat actors to launch highly convincing and complex campaigns. For defense and cybersecurity professionals, this necessitates a proactive pivot towards AI-driven threat detection and robust user education, as traditional indicators of compromise may become harder to discern amidst sophisticated spoofing and dynamic content generation. The rapid development pace suggests such tools will likely be weaponized for intelligence gathering and critical infrastructure targeting in the near future.

phishingaicybersecuritythreat intelligenceautomationmalwarebluekit

Original reporting: https://www.securityweek.com/new-bluekit-phishing-kit-features-ai-assistant/