www.netcraft.com
Bluekit Phishing Kit Introduces Browser-in-the-Middle Technique
Netcraft has identified the operational deployment of Bluekit, a Phishing-as-a-Service platform, which has evolved to utilize a Browser-in-the-Middle (BitM) technique for credential theft. Approximately 70 hostnames associated with Bluekit were detected in the past week. This platform allows attackers to control a browser session that loads legitimate login pages, enabling real-time interaction with victims. The platform employs advanced evasion tactics, including dynamic JavaScript obfuscation and custom CAPTCHAs, making detection challenging. Bluekit's capabilities include an AI assistant for drafting phishing emails and a victim qualification system to distinguish real targets from automated scanners. The attack method has been confirmed operational at scale, posing a significant threat to users of popular online services. Organizations are advised to be vigilant against this sophisticated phishing threat.
Key Points:
• Bluekit has transitioned to a Browser-in-the-Middle technique for phishing attacks.
• Approximately 70 new hostnames associated with Bluekit were identified recently.
• The platform uses advanced evasion tactics, making it harder to detect than traditional phishing methods.