Emerging Blacksite Phishing Kit Combines AiTM with Cloaking Technology

In June 2026, researchers identified a new phishing kit named Blacksite, which utilizes adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication. Developed by the threat actor kirapayload, Blacksite is sold alongside Cloaked.gg, a cloaking service that conceals phishing infrastructure from automated detection systems. The kit captures authentication tokens, session cookies, and 2FA codes in real-time, enabling full account takeovers across various platforms, including Google and Microsoft. Blacksite is offered for $1,000 per month, with a discounted rate for early customers, and has been marketed on cybercrime forums and Telegram. The integration of Cloaked.gg allows for sophisticated evasion tactics against security tools, making it a significant threat to organizations relying solely on automated link scanning for security. This commercialization of phishing tools lowers the barrier to entry for cybercriminals, expanding the pool of potential attackers. The service has already received positive reviews from verified purchasers, indicating active transactions.

Key Points: • Blacksite phishing kit enables real-time credential theft using AiTM techniques. • Cloaked.gg provides evasion capabilities to avoid detection by security tools. • The commercialization of these tools lowers the skill barrier for cybercriminals.