30.04.2026
3 min
214
The new service, BlueKit, offers cybercriminals a ready-made phishing infrastructure, complete with an AI assistant and a set of attack templates. The platform is already being actively promoted as an easy way to launch campaigns even without technical knowledge.
A brand-new phishing tool referred to as Bluekit provides cyber-criminals with a pre-built collection of over forty (40) template pages targeting the top on-line services, as well as the ability to utilize Artificial Intelligence (AI) to develop campaigns. Bluekit was presented by its developers as a “one-size-fits-all” solution, providing those who are inexperienced in launching on-line attacks with an opportunity to conduct such attacks easily.
Among the many templates offered by Bluekit include template pages designed to attack e-mail providers such as Outlook, Hotmail, Gmail, Yahoo and ProtonMail; as well as iCloud, GitHub, and other on-line services focused upon cryptocurrency such as Ledger. The variety of templates provided by Bluekit provide attackers with a chance to target the most widely used sites for on-line phishing attacks.
One of the major advantages of utilizing Bluekit is its use of Artificial Intelligence (AI). An AI Assistant panel has been integrated into the tool, which utilizes numerous AI models, including Llama, GPT-4.1, Claude, Gemini and DeepSeek. This panel will help create a phishing email text based on user input.
This example represents an emerging trend in how cybercrime organizations leverage AI as a way to increase their operational capacity. Abnormal Security has previously written about another AI-based service called ATHR that leverages AI agents to perform voice phishing (Vishing) and social engineering attacks.
Varonis describes the AI component of Bluekit as “raw”. The researcher’s testing was done using a limited version of the Bluekit panel. The researcher stated that the AI-generated texts included placeholder fields and would need additional refinement:
“The [AI-generated] draft had a good structure, but was still based on generic link fields, placeholder QR-code blocks, and had to have some clean-up applied prior to it being ready for use.”
According to Varonis, at this time the Bluekit AI Assistant appears to resemble more of a campaign skeleton creation tool versus a complete attack generation machine.
Bluekit also integrates various components of the attack preparation process in one place. This includes registering domain names, setting up phishing pages and managing campaigns all within the same service. The templates that were reviewed by the researcher included webpages related to iCould, AppleID, Gmail, Outlook, Hotmail, Yahoo!, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger. All the templates were created with what looked like very realistic designs and utilized actual logos for each webpage. This added realism made the fake webpages look even more legitimate.
All management of the Bluekit system occurs via a single interface. Users can select domains they wish to utilize for their phishing campaigns, toggle between modes of operation for their selected domains, and adjust behavior on the selected domains’ phishing pages such as redirecting victims who click on links within the phishing page, utilizing anti-analysis techniques to prevent security professionals from analyzing the phishing page, and modifying login logic. Additionally, users can monitor in real-time what the victims are doing during each session.
The information obtained by hacking into an account is sent to hackers through Telegram in private channels available to the hackers. Since the hacker has access to all of your data, they can track what you see after login; this helps them improve their attacks faster and increase their chances of success.
Varonis states that Bluekit is one of many “one-stop shop” types of services being used as such by new hackers who have limited knowledge and experience with conducting phishing attacks from start-to-finish.
Additionally, Bluekit continues to be active and continually receiving updated versions. As such, there are potential advantages to using Bluekit to conduct phishing scams in the future.
