Phishing, Threat Intelligence

Multi-platform targeting, AiTM capabilities flexed by novel Bluekit phishing kit

HackRead reports that the newly emergent Bluekit phishing-as-a-service kit enables extensive platform targeting through more than 40 counterfeit website templates for Outlook, Gmail, iCloud, GitHub, and Ledger, and evades multi-factor authentication through adversary-in-the-middle techniques, further lowering the barrier to cybercrime.

Entering credentials on fake Bluekit pages exposes not only passwords but also session cookies and local storage data, which could then be leveraged for subsequent account compromise, according to findings from Varonis Threat Labs.

"Operators can buy or connect domains from the same interface used to manage phishing pages and captured logs, rather than splitting that work across separate services. That setup flow also extends into site creation itself," said researchers.

Bluekit was also found to include a proprietary AI assistant, Abliterated Llama, which has primarily been used for campaign framework creation. However, the Bluekit developers' integration of voice cloning, antibot cloaking, and geolocation emulation features into the AI assistant may prompt increased adoption of the PhaaS kit.
