AI-Powered Bluekit Phishing Service Offers 40 Templates & Assistant
▼ Summary
– Bluekit is a new phishing kit with over 40 templates targeting services like Outlook, Gmail, GitHub, and Ledger.
– It includes an AI Assistant panel supporting models like GPT-4.1 and Claude to help cybercriminals draft phishing emails.
– Varonis’ analysis found the AI Assistant’s outputs contained placeholder content, indicating an early, experimental stage.
– The kit integrates domain purchase, phishing page setup, and campaign management into a single dashboard with granular controls.
– Stolen data is exfiltrated via Telegram, and the platform allows real-time monitoring of victim sessions and post-capture activity.
A new phishing-as-a-service platform called Bluekit has emerged, offering over 40 ready-made templates targeting major online services and integrating basic AI capabilities to help attackers draft fraudulent campaigns. The kit is designed to lower the barrier for cybercriminals by bundling domain registration, page creation, and campaign oversight into a single dashboard.
The templates cover a wide range of targets, including popular email providers (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud storage (iCloud), developer tools (GitHub), and cryptocurrency services (Ledger). What sets Bluekit apart is its AI Assistant panel, which supports multiple large language models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek. This feature allows attackers to generate phishing email drafts automatically, though the output quality is still rough.
Security firm Varonis analyzed a limited version of the AI Assistant and found that the generated content contained placeholder text and generic link fields. “The draft included a useful structure, but it still depended on generic link fields, placeholder QR blocks, and copy that would need cleanup before use,” the company noted. Varonis described the AI feature as more of a “campaign skeleton” than a finished phishing flow, indicating it is still in an early, experimental stage.
This development aligns with a broader trend of AI integration in cybercrime platforms. Abnormal Security recently reported on ATHR, a voice phishing platform that uses AI agents to automate social engineering attacks. Bluekit represents a similar evolution in the email phishing space, offering a streamlined interface for managing the entire attack lifecycle.
Beyond the AI tooling, Bluekit provides granular control over phishing page behavior. Operators can block VPN or proxy traffic, filter out headless user agents, and set fingerprint-based restrictions to evade detection. The platform also supports real-time session monitoring, allowing attackers to view cookies, local storage, and live session states after a victim logs in. Stolen data is exfiltrated via private Telegram channels.
Varonis reviewed templates for iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger, noting that each features realistic designs and logos. The kit is currently under active development, with frequent updates that suggest it may gain traction among lower-tier cybercriminals seeking fully fledged, all-in-one phishing tools.
(Source: BleepingComputer)