The novel Bluekit phishing-as-a-service kit enables credential theft and session hijacking by using over 40 counterfeit login pages for platforms like Outlook and Gmail, while its adversary-in-the-middle capabilities bypass multi-factor authentication. The kit's integrated management console and proprietary AI assistant, which aids in campaign creation and features like voice cloning, lower the barrier to entry for attackers. No specific software vulnerability, CVSS score, affected versions, or patch is detailed, as the threat is a service-based attack tool.
Phishing , Threat Intelligence Multi-platform targeting, AiTM capabilities flexed by novel Bluekit phishing kit May 1, 2026 Share By SC Staff HackRead reports that the newly emergent Bluekit phishing-as-a-service kit has been enabling extensive platform targeting with its over 40 counterfeit website templates for Outlook, Gmail, iCloud, GitHub, and Ledger, while evading multi-factor authentication through adversary-in-the-middle techniques, further lowering the barrier to cybercrime. Inputting credentials on fake Bluekit pages allows not only the theft of passwords but also the siphoning of session cookies and local storage data that could then be leveraged for subsequent account compromise, according to findings from Varonis Threat Labs. "Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services. That setup flow also extends into site creation itself," said researchers. Bluekit was also discovered to have the proprietary AI assistant Abliterated Llama, which has primarily enabled campaign framework creation. However, Bluekit developers' integration of voice cloning, antibot cloaking, and geolocation emulation features into the AI assistant may prompt the increased adoption of the PhaaS kit. SC Staff Related Email security Commercial spam and phishing attacks increasingly leverage trusted platforms SC Staff May 1, 2026 Commercial spam now constitutes 46% of all spam globally, with a significant portion originating from compromised accounts and free email services, according to VIPRE Security Group's Q1 2026 Email Threat Trends Report. Security Operations 2 threat groups linked to The Com target critical infrastructure with data theft SC Staff May 1, 2026 These financially-motivated attackers, closely aligned with Scattered Spider, use voice-phishing and social engineering to breach victims' identity platforms and traverse SaaS environments, according to a report by CrowdStrike. Threat Management Microsoft: QR code, CAPTCHA-gated phishing more than double in Q1 2026 Laura French May 1, 2026 The company detected about 8.3 billion email-based phishing threats between January and March. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Backdoor Deauthentication Attack Disruption Distributed Scans Domain Hijacking Dumpster Diving Fault Line Attacks Hybrid Attack Information Warfare You can skip this ad in 5 seconds