BLUEKIT is a newly discovered phishing kit still in development that combines AI features with automated domain setup and a centralised dashboard for campaign management. According to Varonis Threat Labs, it offers over 40 website templates and tools for spoofing, voice cloning, antibot protection, geolocation tricks, and 2FA bypass support, all aimed at broadening its phishing capabilities.
Bluekit supports templates for major services such as iCloud, Apple ID, Gmail, Outlook, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger, merging email, cloud, crypto, and developer platforms in one kit. In testing, researchers accessed the internal dashboard to observe how campaigns are created, domains registered, credentials captured, and data sent via Telegram, with a site-builder offering granular control over phishing pages and real-time session tracking.
The AI Assistant panel includes models like Llama (default), GPT-4.1, Claude Sonnet 4, Gemini, and DeepSeek, though only the default Llama model proved usable in practice. The researchers noted the AI generated only a structured draft rather than a ready-to-use phishing campaign, highlighting its role more as an outlining tool than a complete kit. May 04, 2026.