Bluekit phishing kit ships 40 templates and a multi-model AI drafting panel

Bluekit is a new phishing-as-a-service offering that bundles more than 40 ready-made templates targeting mainstream email providers, iCloud, GitHub, Ledger, and other high-value accounts. The platform consolidates domain registration, phishing page deployment, anti-analysis filtering, and live session monitoring into a single operator dashboard, with stolen credentials and session state exfiltrated through private Telegram channels.

The kit’s headline feature is an AI Assistant panel wired to Llama, GPT-4.1, Claude, Gemini, and DeepSeek for drafting lure content. Varonis examined the output and found it produces campaign skeletons rather than finished phishing flows — generic placeholders for links and QR codes, copy that still needs human cleanup. The AI surface is early-stage scaffolding, not autonomous attack generation.

Bluekit fits a broader pattern of low-tier phishing crews getting turnkey tooling that previously required custom infrastructure. Operators get fingerprint-based victim filtering, VPN and headless-browser blocking, real-time session replay of post-login pages, and granular control over redirect logic. The kit is under active development, which Varonis flags as a signal that adoption is likely to grow.