A new phishing tool called Bluekit demonstrates how cybercriminals are increasingly using advanced and integrated software to launch attacks.
The tool combines various components of the phishing process into a single environment and capitalizes on the growing role of artificial intelligence in cybercrime, reports Bleeping Computer.
Bluekit offers a range of ready-made templates targeting well-known online services, including email providers, cloud platforms, developer services, and crypto applications. The design closely mimics the original services, making it harder for victims to recognize fraudulent messages.
Notably, the platform features an AI assistant. This functionality enables the generation of concepts for phishing campaigns using various AI models. This makes it easier to quickly draft texts that can serve as the basis for large-scale campaigns.
An analysis by Varonis shows that this AI functionality is still relatively immature. According to the company, the generated output contains usable structures but requires further editing before it can be effectively deployed. The assistant thus appears to be primarily focused on providing an initial draft, rather than fully developed campaigns.
Centralized management of phishing infrastructure
In addition to AI functionality, Bluekit brings multiple stages of the attack chain into a single dashboard. Users can register domains, configure phishing pages, and manage campaigns without external tools. Extensive settings are available for the behavior of phishing pages, including redirects, detection evasion, and handling of login processes.
The tool also offers options to filter out unwanted traffic, such as traffic originating from VPNs, proxies, or automated browsers. This can make it more difficult for security researchers to analyze campaigns.
Furthermore, Bluekit supports real-time tracking of victim sessions. This makes data such as cookies and local storage visible, along with the status of active sessions. This provides insight into user behavior following a successful login attempt. Collected data is transmitted via secure communication channels accessible only to campaign administrators.
According to Varonis, Bluekit fits into a broader trend in which phishing tools are increasingly being offered as integrated platforms. This makes it easier to set up and manage full-scale phishing campaigns without extensive technical knowledge.
The tool appears to still be under development and receives regular updates, indicating that its functionality is being expanded.