ZCyberNews
Threat Intel | High | 2 min read | Bluekit

Bluekit Phishing Service Offers AI Assistant, 40 Templates

A new phishing-as-a-service platform called Bluekit provides over 40 templates targeting banks, social media, and email providers, plus an AI assistant for drafting lures.

Executive Summary

A new phishing-as-a-service (PhaaS) platform called Bluekit is being sold on Telegram, offering subscribers more than 40 pre-built templates targeting major banks, social media platforms, and email providers. According to a report from BleepingComputer, Bluekit includes a basic AI assistant that can generate campaign drafts, making it easier for less technically skilled attackers to launch targeted credential-harvesting operations.

Technical Analysis

Bluekit operates as a subscription-based service, with pricing tiers that grant access to its template library and AI features. The templates mimic login pages for well-known services, including PayPal, Outlook, and several European banks. The AI assistant, described as a "chatbot" integrated into the kit, allows users to input a target brand or scenario and receive a formatted phishing email or landing page copy. BleepingComputer notes that the AI-generated text is rudimentary but functional, reducing the manual effort required to craft convincing lures.

The kit is distributed exclusively through Telegram channels, a common distribution method for PhaaS platforms. Researchers have not yet identified the specific infrastructure used to host Bluekit phishing pages, but the service likely relies on compromised domains or bulletproof hosting. The templates appear to use standard HTML and JavaScript for form submission, with stolen credentials exfiltrated via HTTP POST requests to attacker-controlled servers.

Mitigations & Recommendations

Organizations should enforce multi-factor authentication (MFA) on all externally facing accounts, as credential harvesting kits like Bluekit typically capture only passwords and session tokens. Security teams should monitor for phishing pages mimicking their brand using services like PhishTank or internal threat intelligence feeds. User awareness training should emphasize the risk of AI-generated phishing content, which may exhibit fewer grammatical errors than traditional lures.
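
The brand-monitoring step above and the form-based exfiltration described under Technical Analysis can be combined into a simple triage check for suspect URLs. This is an added example, not code from Bluekit, BleepingComputer, or this article; the brand allow-list, function names, and sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed allow-list: brand keyword -> domains the brand legitimately uses.
BRAND_DOMAINS = {"paypal": {"paypal.com"}, "outlook": {"outlook.com", "live.com"}}
# Constructed sample page for the demo (not taken from a real kit).
SAMPLE_URL = "https://login-example.invalid/secure/"
SAMPLE_HTML = """<html><title>PayPal: Log in</title><body>
<form method="POST" action="https://collector.invalid/gate.php">
<input name="email"><input type="password" name="pass"></form></body></html>"""

class _FormScan(HTMLParser):
    """Records every form that contains a password input, plus page text."""
    def __init__(self):
        super().__init__()
        self.current, self.cred_forms, self.text = None, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"method": (a.get("method") or "get").lower(),
                            "action": a.get("action") or "", "pw": False}
        elif tag == "input" and self.current and (a.get("type") or "").lower() == "password":
            self.current["pw"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current:
            if self.current["pw"]:
                self.cred_forms.append(self.current)
            self.current = None

    def handle_data(self, data):
        self.text.append(data.lower())

def triage(page_url, html):
    """Return reasons the page looks like a credential-harvesting form."""
    scan = _FormScan()
    scan.feed(html)
    page_host = urlparse(page_url).hostname or ""
    findings = []
    for form in scan.cred_forms:
        # Resolve relative actions against the page URL before comparing hosts.
        target = urlparse(urljoin(page_url, form["action"])).hostname or ""
        if form["method"] == "post" and target != page_host:
            findings.append(f"password form POSTs off-site to {target}")
    for brand, domains in BRAND_DOMAINS.items():
        on_brand = any(page_host == d or page_host.endswith("." + d) for d in domains)
        if scan.cred_forms and brand in " ".join(scan.text) and not on_brand:
            findings.append(f"'{brand}' branding on non-{brand} host {page_host}")
    return findings
```

A kit that posts to a script on the same host as the landing page will not trip the off-site check, so the brand/host mismatch is the more durable of the two signals.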