NEW Bluekit Phishing Kit Features AI Assistant reports a recently discovered kit that offers miscreants a broad range of capabilities, including an AI assistant and automated domain registration, according to Varonis. Dubbed Bluekit, it is advertised as providing over 40 website templates, support for two-factor authentication, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender.
It includes templates for email and cloud services, developer platforms, cryptocurrency services, and retail and social media platforms such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho. Varonis says its control panel reveals a dashboard covering domain creation and setup, logs, delivery, and campaign support, with Telegram as the default exfiltration channel.
The dashboard lets users select a domain, target a brand or service, choose a mode, and control login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings, while storing cookies and local storage dumps and providing a live view of logged-in session data.
The kit’s AI Assistant has its own panel with multiple model options, and when tested it delivered a structured campaign draft with placeholders rather than ready-to-use content, with development pace described as rapid and ongoing.