New Bluekit Phishing Kit Features AI Assistant
Summary (EN)
SecurityWeek reported on May 2 that researchers at Varonis have identified Bluekit, a phishing kit still under development that combines traditional phishing infrastructure with an AI assistant and automated domain registration. The kit is advertised as offering more than 40 website templates, two-factor authentication support, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. SecurityWeek says Varonis gained access to Bluekit’s control panel, where operators can manage domain creation, setup, logs, delivery, and campaign support from a single dashboard. The kit uses Telegram as the default exfiltration channel and includes templates for services such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho. Operators can select a domain, targeted brand, mode, and site behavior for login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings. Bluekit also stores cookies and local-storage dumps and provides a live view of logged-in session data, showing that it is designed for more than simple credential harvesting. Its AI Assistant panel exposes multiple model options; in Varonis testing it produced a structured campaign draft with placeholders rather than ready-to-use content. Varonis said the kit has not yet been seen in live campaigns but is evolving rapidly, making it a likely future threat if adopted more broadly.
Summary (ZH)
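SecurityWeek reported on May 2 that Varonis researchers have discovered Bluekit, a phishing kit that is still under development. The kit combines traditional phishing infrastructure with capabilities such as an AI assistant and automated domain registration. Bluekit is advertised as offering more than 40 website templates, two-factor authentication support, geolocation emulation, antibot cloaking, notifications, spoofing capabilities, voice cloning, and a mail sender. According to the report, Varonis gained access to Bluekit's control panel and found that operators can manage domain creation and setup, logs, delivery, and campaign support from a single dashboard. The kit uses Telegram as its default data exfiltration channel and provides templates for services such as Apple ID, iCloud, GitHub, Gmail, Hotmail, Ledger, ProtonMail, Outlook, Zara, and Zoho. Operators can select a domain, targeted brand, and mode, and control site behavior such as login detection, redirects, anti-analysis checks, spoofing, device filters, and proxy settings. Bluekit also saves cookie and local storage data and provides a live view of logged-in session data, indicating that it is not meant only for simple password theft. Its AI Assistant panel offers multiple model options; in Varonis's testing, the assistant generated a structured campaign draft with placeholders rather than complete, ready-to-deploy content. Varonis said it has not yet seen Bluekit used in real attack campaigns, but its features are being updated quickly, and it could become a significant threat in the future if adopted more widely.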
Source
https://www.securityweek.com/new-bluekit-phishing-kit-features-ai-assistant/