A groundbreaking phishing kit known as Bluekit has emerged, offering over 40 templates aimed at popular services and incorporating basic AI capabilities to generate campaign drafts.
The assortment of templates provided can target a variety of services, including email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger).
One of the standout features of Bluekit is the introduction of an AI Assistant panel that supports multiple models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek, aiding cybercriminals in drafting phishing emails.
This trend reflects the integration of AI into cybercrime platforms to enhance efficiency and scalability. Abnormal Security recently highlighted ATHR, a voice phishing platform utilizing AI agents for social engineering attacks.
Varonis, a cybersecurity firm, examined a limited version of Bluekit’s AI Assistant panel and noted that the generated drafts contained placeholder content, indicating an early experimental phase for this feature.
“The draft provided a solid structure but relied on generic link fields, placeholder QR blocks, and content requiring refinement before use,” according to Varonis.
“Bluekit’s AI Assistant seems more geared towards generating a campaign outline rather than a polished phishing flow.”
[Image: AI models available on Bluekit. Source: Varonis]
Aside from its AI capabilities, Bluekit integrates domain registration/purchase, phishing page setup, and campaign management within a unified interface.
Varonis reviewed templates for various services like iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger, showcasing realistic designs and logos.
[Image: Sample of the offered templates. Source: Varonis]
Operators have the ability to select domains, templates, and modes through a single interface, configure phishing page behavior (such as redirects, anti-analysis measures, and login process handling), and monitor victim sessions in real-time.
The dashboard offers users precise control over phishing page behavior, allowing them to block VPN or proxy traffic, headless user agents, or implement fingerprint-based filters.
[Image: Security options. Source: Varonis]
Stolen data is exfiltrated via Telegram to private channels accessible to operators.
Post-capture session monitoring includes cookies, local storage, and live session state, revealing the content served to victims after login to help operators refine their attacks for maximum impact.
[Image: Monitoring post-capture activity from within the dashboard. Source: Varonis]
Varonis suggests that Bluekit exemplifies an “all-in-one” phishing platform, equipping lower-tier cybercriminals with comprehensive tools to manage the entire phishing attack process.
[Image: Recent Bluekit release notes. Source: Varonis]
Bluekit is still in active development, but it receives frequent updates and evolves rapidly, positioning it as a likely candidate for wider adoption.