HackMyIP
2026-04-30 BleepingComputer

Bluekit Phishing Kit Offers AI Assistant, 40+ Templates

Phishing, AI Threats, AI Security

Security researchers have uncovered a new phishing‑as‑a‑service platform called Bluekit that advertises more than 40 ready‑made templates targeting popular online services such as Microsoft 365, Google Workspace, Facebook, and Amazon. The kit, promoted on underground forums and reported by BleepingComputer, includes a built‑in AI assistant that can generate convincing phishing campaign drafts on demand, dramatically lowering the technical barrier for threat actors.

Technical analysis reveals that Bluekit is built on a PHP backend with a MySQL database, and its command‑and‑control (C2) infrastructure is hosted on a bulletproof VPS linked to the domain bluekit.c2.xyz. The AI module is based on a lightweight large language model fine‑tuned on previous phishing emails, allowing it to produce personalized lure text, dynamic subject lines, and even adaptive HTML pages that evade static detection rules. In addition to email spoofing via SMTP relay, the kit provides a drag‑and‑drop landing‑page builder, credential harvesting forms, and an auto‑responder that simulates legitimate service notifications to harvest multi‑factor authentication tokens.

The inclusion of AI‑generated content poses a significant challenge for traditional email security controls, as each message can be unique, bypassing hash‑based filters and signature detection. Bluekit is offered under a subscription model priced at approximately $200 per month, with optional add‑ons for SMS phishing (smishing) and voice‑phishing (vishing) modules. Security teams are advised to enforce strict DMARC, SPF, and DKIM policies, deploy advanced anti‑phishing solutions that leverage machine‑learning analysis, and reinforce user awareness training to mitigate the risk posed by this AI‑enhanced phishing toolkit.

Source: BleepingComputer