Bluekit alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
Bluekit's AI-assisted phishing kit has expanded into an all-in-one service, lowering the barrier for cybercriminal operators and signaling a more industrialized phishing market. It bundles 40+ templates for major email, cloud, developer, and crypto services, including Outlook, Gmail, iCloud, GitHub, and Ledger. The platform's AI Assistant panel supports models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help generate campaign drafts.
Related Happenings
BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware Activity
First: 12.12.2025 16:04
Last: 12.12.2025 16:04
Sources 1
About this happening:
**BlackForce**, **GhostFrame**, **InboxPrime AI**, and **Spiderman** are newly documented phishing kits that expand **credential theft at scale** and make it easier to bypass **MF...
BlackForce, GhostFrame, InboxPrime AI, and Spiderman phishing kits scaling credential theft
Malware ActivityAbout this happening: **BlackForce**, **GhostFrame**, **InboxPrime AI**, and **Spiderman** are newly documented phishing kits that expand **credential theft at scale** and make it easier to bypass **MF...
Darcula 3.0 phishing-as-a-service ecosystem adds AI automation and anti-detection at scale
Threat Actor Meta
First: 25.11.2025 18:00
Last: 25.11.2025 18:00
Sources 1
About this happening:
**Darcula 3.0** has added **anti-detection features**, an enhanced admin panel, a card-cloning tool, and **AI-driven automation**, making phishing-page creation faster and easier...
Darcula 3.0 phishing-as-a-service ecosystem adds AI automation and anti-detection at scale
Threat Actor MetaAbout this happening: **Darcula 3.0** has added **anti-detection features**, an enhanced admin panel, a card-cloning tool, and **AI-driven automation**, making phishing-page creation faster and easier...
Tycoon 2FA phishing kit activity at enterprise scale
Malware Activity
First: 18.11.2025 17:01
Last: 18.11.2025 17:01
Sources 1
About this happening:
The **Tycoon 2FA** phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting **Microsoft 365** and **Gmail** users at risk. More than **64,000 attack...
Tycoon 2FA phishing kit activity at enterprise scale
Malware ActivityAbout this happening: The **Tycoon 2FA** phishing kit is being used at scale to relay MFA and steal enterprise sessions, putting **Microsoft 365** and **Gmail** users at risk. More than **64,000 attack...
Varonis Interceptor launches as AI-native email and browser security
Security Tool/Service
First: 13.10.2025 17:04
Last: 13.10.2025 17:04
Sources 1
About this happening:
**Varonis** launched **Varonis Interceptor**, an **AI-native email security** and browser security product designed to block **phishing**, **business email compromise**, **social...
Varonis Interceptor launches as AI-native email and browser security
Security Tool/ServiceAbout this happening: **Varonis** launched **Varonis Interceptor**, an **AI-native email security** and browser security product designed to block **phishing**, **business email compromise**, **social...
Gmail rolls out end-to-end encrypted email sending via client-side encryption
Security Tool/Service
First: 03.10.2025 14:18
Last: 03.10.2025 14:18
Sources 1
About this happening:
**Google** is rolling out **end-to-end encrypted email** for **Gmail enterprise users**, expanding a concrete security capability to messages sent to **any email service or platfo...
Gmail rolls out end-to-end encrypted email sending via client-side encryption
Security Tool/ServiceAbout this happening: **Google** is rolling out **end-to-end encrypted email** for **Gmail enterprise users**, expanding a concrete security capability to messages sent to **any email service or platfo...
Timeline
-
30.04.2026 21:58 2 articles · 27d ago
Bluekit phishing kit debuts with AI-assisted campaign drafting
Initial DisclosureBluekit emerges as a phishing kit offering more than 40 templates for Outlook, Hotmail, Gmail, Yahoo, ProtonMail, iCloud, GitHub, Ledger, and other services, alongside an AI Assistant panel that supports Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help draft phishing emails and campaign skeletons. The platform also bundles domain purchase and registration, phishing page setup, campaign management, anti-analysis controls, real-time session monitoring, and Telegram-based exfiltration, while Varonis found placeholder content in the limited AI output and described the system as under active development.
Show sources
- New Bluekit phishing service includes an AI assistant, 40 templates — www.bleepingcomputer.com — 30.04.2026 21:58
- New Bluekit phishing service includes an AI assistant, 40 templates — www.bleepingcomputer.com — 30.04.2026 21:58