• Researchers discover new all-in-one Bluekit phishing kit capable

    From TechnologyDaily@1337:1/100 to All on Thursday, April 30, 2026 16:30:26
    Researchers discover new all-in-one Bluekit phishing kit capable of bypassing enterprise 2FA protocols and emulating 40+ global brands

    Date:
    Thu, 30 Apr 2026 15:20:00 +0000

    Description:
    Bluekit centralizes and automates entire phishing campaigns, and is capable
    of stealing sessions, avoiding detection, and spoofing locations.

    FULL STORY ======================================================================

    - Researchers have discovered a complex new phishing kit
    - Bluekit offers phishing in a software-as-a-service package
    - An entire campaign can be centralized and automated, and assisted by AI

    Bluekit is a new phishing kit uncovered by Varonis Threat Labs researchers, who reviewed the kit first hand to explore its capabilities.

    The phishing kit has a broad range of dangerous capabilities, including the ability to mimic over 40 well-known brands, geolocation emulation, and an AI assistant that walks the attacker through an attack. Bluekit is highly professionalized, and offers attackers a sophisticated all-in-one dashboard for launching a phishing campaign.

    Bluekit streamlines cybercrime

    Rather than requiring attackers to assemble each component of a phishing attack from different vendors, Bluekit works much like a software-as-a-service platform, with a dashboard that centralizes and automates phishing workflows, significantly lowering the barrier to entry for potentially devastating phishing attacks.

    Bluekit handles domain registration, site hosting, and data exfiltration on a single panel, and offers emulation of popular global platforms, including iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger. Offering such a wide range of targets allows attackers to quickly pivot between targets, run recognizable but local campaigns, and even run attacks simultaneously.

    [Image: A screenshot from the Bluekit dashboard showing examples of the spoofed login pages. (Image credit: Varonis)]

    The platform also integrates the Telegram messaging app to offer real-time alerts on successful exfiltration.

    Varonis also explored the platform's AI assistant, which they say could potentially be jailbroken variants of Llama, GPT-4.1, Sonnet 4, Gemini, and DeepSeek. In testing, the AI agent was capable of drafting skeleton phishing emails that required little modification in order to create convincing localized lures. Typically, an official AI model would reject any attempts to draft a phishing email, but by using jailbroken versions these guardrails are removed.

    [Image: A screenshot from the Bluekit dashboard showing the variants of jailbroken AI models available for use by the integrated AI assistant. (Image credit: Varonis)]

    In order to harvest credentials, Bluekit is capable of hijacking sessions and extracting cookies, allowing the attacker to bypass multi-factor authentication (MFA) protocols by using the stolen active browser session to mimic the authenticated user. The platform also allows the attacker to see a live feed of the target's screen after they log in and navigate the fake page.

    To help the automated attack avoid detection, Bluekit also includes features that cloak it from bot-detection tools, and it can hinder analysis by denying site access to headless user agents, headless resolutions, bad fingerprints, proxies and virtual private networks (VPNs). Device access can also be filtered to desktop or mobile only.

    For some platforms, a login from an unusual location can trigger an alert to the user with steps to secure their account. In order to prevent these notifications, Bluekit's location emulation abilities can make the login appear to be from a normal location.
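
    One way a defender could spot the stolen-session replay described above even when the login location is emulated, as an added example that is not from the article or the Varonis research: compare each request's network and client attributes with those recorded when the session passed MFA. The log format, field names, threshold and sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample session log (not real data). ASNs are from the
# documentation range; tls_fp stands for any TLS client fingerprint label.
SAMPLE_LOG = """\
ts,session,event,country,asn,user_agent,tls_fp
2026-04-30T09:00:01Z,s-1001,login_mfa_ok,DE,AS64496,Chrome/135 Windows,fp-a1
2026-04-30T09:00:09Z,s-1001,request,DE,AS64496,Chrome/135 Windows,fp-a1
2026-04-30T09:02:40Z,s-1001,request,DE,AS64500,Chrome/135 Windows,fp-z9
2026-04-30T09:05:00Z,s-2002,login_mfa_ok,FR,AS64497,Safari/18 iPhone,fp-b2
2026-04-30T09:30:00Z,s-2002,request,FR,AS64501,Safari/18 iPhone,fp-b2
"""

# Attributes a cookie thief has to reproduce in addition to the country.
BOUND_FIELDS = ("asn", "user_agent", "tls_fp")


def detect_session_replay(log_text, min_changed=2):
    """Flag requests whose client attributes drift from the MFA-approved login.

    Country is deliberately not part of the decision: an emulated location
    matches the victim's, so a geo-only rule would stay silent.
    """
    baseline = {}   # session id -> row recorded at the MFA-approved login
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        sid = row["session"]
        if row["event"] == "login_mfa_ok":
            baseline[sid] = row
            continue
        first = baseline.get(sid)
        if first is None:
            continue  # no login in this log window, nothing to compare with
        changed = [f for f in BOUND_FIELDS if row[f] != first[f]]
        # One changed attribute is common (Wi-Fi to mobile data); several
        # changing at once on a live session suggests a different client.
        if len(changed) >= min_changed:
            findings.append({
                "session": sid,
                "ts": row["ts"],
                "changed": changed,
                "same_country": row["country"] == first["country"],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_session_replay(SAMPLE_LOG):
        print(finding)
```

    On the sample rows, session s-1001 is flagged although its country never changes, while s-2002, which only moves between networks, is not.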

    During their testing, the researchers noted that Bluekit is being actively updated with new features, rapidly expanding its abilities and making the kit an increasingly potent tool for attackers. "The feature set keeps evolving as we track it, and if that pace continues with broader adoption, Bluekit is likely to surface in future campaigns," the researchers said.

    [Image: A screenshot of the Bluekit dashboard, showing the centralized panel an attacker would see when launching or monitoring a campaign. (Image credit: Varonis)]

    As AI is lowering the barrier for entry into cybercrime, so too are all-in-one attacking platforms such as Bluekit.

    In order to better resist these evolving threats, businesses should adopt FIDO2 or hardware keys for authentication, which often verify a user using biometric authentication via a recognized device in a pre-verified environment, making them much more resistant to location-spoofed login attempts. Employee training is also one of the most effective ways to prevent phishing attacks. By regularly simulating phishing emails, employees become much more vigilant and capable of recognizing suspicious emails.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/researchers-discover-new-all-in-one-bluekit-phishing-kit-capable-of-bypassing-enterprise-2fa-protocols-and-emulating-40-global-brands


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)