Researchers discover new all-in-one ‘Bluekit’ phishing kit capable of bypassing enterprise 2FA protocols and emulating 40+ global brands

Bluekit offers phishing-as-a-service with a twist

by · TechRadar

News By Benedict Collins published 30 April 2026

(Image credit: Image: Generated with Google Gemini)

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

  • Researchers have discovered a complex new phishing kit
  • Bluekit offers phishing in a software-as-a-service package
  • An entire campaign can be centralized and automated, and assisted by AI

Bluekit is a new phishing kit uncovered by Varonis Threat Labs researchers, who reviewed the kit first hand to explore its capabilities.

The phishing kit has a broad range of dangerous capabilities, including the ability to mimic over 40 well-known brands, geolocation emulation, and an AI-assistant to walk you through an attack.

Bluekit is highly professionalized, and offers attackers a sophisticated all-in-one dashboard for launching a phishing campaign.

Article continues below

Bluekit streamlines cybercrime

Rather than congregating each component for a phishing attack from different vendors, Bluekit acts in a similar way to a software-as-a-service platform, with a dashboard that centralizes and automates phishing workflows, significantly reducing the barrier for entry to potentially devastating phishing attacks.

Bluekit handles domain registration, site hosting, and data exfiltration on a single panel, and offers emulation of popular global platforms, including iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and Ledger. Offering such a wide range of targets allows attackers to quickly pivot between targets, run recognizable but local campaigns, and even run attacks simultaneously.

A screenshot from the Bluekit dashboard showing examples of the spoofed login pages. (Image credit: Varonis)

The platform also integrates the Telegram messaging app to offer real-time alerts on successful exfiltration.

Varonis also explored the platforms’ AI assistant, which they say could be potentially jailbroken variants of Llama, GPT-4.1, Sonnet 4, Gemini, and DeepSeek. In testing, the AI agent was capable of drafting “skeleton” phishing emails that required little modification in order to create convincing localized lures. Typically, an official AI model would reject any attempts to draft a phishing email, but by using jailbroken versions these guardrails are removed.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors