CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Bluekit phishing kit integrates AI assistant and all-in-one attack management

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A new phishing kit named Bluekit, identified in active development as of April 2026, provides cybercriminals with a unified platform for phishing campaign creation, execution, and data exfiltration. The kit includes an AI Assistant panel supporting multiple language models (Llama, GPT-4.1, Claude, Gemini, DeepSeek) to draft phishing emails and over 40 realistic templates targeting email providers (Gmail, Outlook, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger). Operators can purchase domains, configure anti-analysis mechanisms, block VPN/proxy traffic, and monitor victim sessions in real-time. Stolen credentials are exfiltrated via private Telegram channels. The platform’s experimental AI features and rapid iteration suggest it is designed to lower the barrier to entry for phishing operations while enabling scale and customization.

Timeline

  1. 30.04.2026 21:58 1 articles · 2h ago

    Bluekit phishing kit emerges with AI Assistant and all-in-one campaign management

    A new phishing kit, Bluekit, is observed in active development as of April 2026, offering a unified platform for phishing campaigns featuring an AI Assistant panel, over 40 realistic templates across major services, and integrated domain registration, campaign orchestration, and data exfiltration via Telegram. The kit includes experimental AI-generated drafts requiring manual refinement and provides granular anti-analysis and session-monitoring capabilities.

    Show sources
    Open in new tab

Information Snippets

  • Bluekit includes an AI Assistant panel integrating multiple large language models (Llama, GPT-4.1, Claude, Gemini, DeepSeek) to assist operators in drafting phishing email content.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • The kit provides over 40 phishing templates targeting email accounts (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), cloud services (iCloud), developer platforms (GitHub), and cryptocurrency services (Ledger).

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • Varonis analysis indicates the AI-generated drafts require manual cleanup, featuring placeholder content such as generic links, QR blocks, and generic copy, suggesting an early experimental stage.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • Bluekit integrates domain purchase/registration, phishing page setup, campaign management, and real-time victim session monitoring into a single interface.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • The platform offers granular control over phishing page behavior, including anti-analysis mechanisms, VPN/proxy blocking, headless user agent filtering, and fingerprint-based controls.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • Stolen credentials are exfiltrated via Telegram, transmitted to private channels accessible only to operators.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources

  • Session monitoring captures cookies, local storage, and live session state post-login, enabling operators to refine attacks based on victim behavior and page rendering.

    First reported: 30.04.2026 21:58
    1 source, 1 article
    Show sources