BLUEKIT PHISHING KIT ADDS BROWSER-IN-THE-MIDDLE THEFT

Bluekit continues to evolve as a commercial phishing platform, now incorporating browser-in-the-middle (BitM) techniques to intercept and capture user credentials with greater sophistication. The BitM approach positions the attacker's infrastructure between a victim and legitimate websites, allowing real-time interception of login data and session tokens. This advancement moves beyond traditional phishing, which typically relies on static credential capture forms. Researchers discovered approximately 70 additional hostnames linked to Bluekit deployments in a single week, suggesting active distribution and expansion. The platform operates as a phishing-as-a-service model, offering tooling and hosting to lower-skilled attackers. The addition of BitM capabilities represents a significant technical upgrade for the kit, enabling attackers to bypass certain security measures and capture data that standard phishing pages cannot access. Organizations should monitor for Bluekit-related phishing campaigns and educate users on credential verification practices.