BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware Activity
Summary
BlackForce, GhostFrame, InboxPrime AI, and Spiderman are newly documented phishing kits that expand credential theft at scale and make it easier to bypass MFA, impersonate brands, and target banking and email logins. BlackForce adds MitB-based OTP capture and MFA bypass, while GhostFrame hides phishing content behind an iframe delivery chain. InboxPrime AI automates mass mailing with AI-generated lures, and Spiderman clones European bank login pages and session-theft workflows for financial fraud.
Related Happenings
AI chatbot cryptojacking campaign targeting high-performance GPU users
Campaign
First: 27.05.2026 10:45
Last: 27.05.2026 10:45
Sources 1
About this happening:
An active **cryptojacking campaign** is using **AI chatbot interactions** and **SEO-poisoned download sites** to deliver mining malware, expanding the reach of malicious downloads...
Ghostwriter Prometheus-themed phishing campaign targeting Ukraine government organizations
Campaign
First: 22.05.2026 19:20
Last: 22.05.2026 19:20
Sources 1
About this happening:
A **Ghostwriter** phishing campaign is targeting **Ukraine government organizations** with **Prometheus-themed lures**, increasing the risk of credential theft and follow-on acces...
Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor Meta
First: 30.04.2026 21:58
Last: 30.04.2026 21:58
Sources 1
About this happening:
Bluekit's **AI-assisted** phishing kit has expanded into an **all-in-one** service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing m...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
ATHR productized automated vishing platform for credential theft
Threat Actor Meta
First: 16.04.2026 17:09
Last: 16.04.2026 17:09
Sources 1
About this happening:
ATHR is turning **automated vishing** into a **productized underground service**, lowering the barrier for credential theft across **Google**, **Microsoft**, **Coinbase**, and oth...
Timeline
- 12.12.2025 16:04 · 2 articles · 5mo ago
BlackForce, GhostFrame, InboxPrime AI, and Spiderman documented
Initial Disclosure

Cybersecurity researchers documented BlackForce, GhostFrame, InboxPrime AI, and Spiderman as phishing kits that facilitate credential theft at scale. BlackForce uses Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). GhostFrame hides phishing login content behind an embedded iframe to steal Microsoft 365 and Google credentials. InboxPrime AI automates mass mailing with AI-generated lures and Gmail web interface evasion. Spiderman replicates European banking login pages while managing stolen session data in real time.
Sources:
- New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale — thehackernews.com — 12.12.2025 16:04