Researchers have uncovered a sophisticated phishing kit named Bluekit that consolidates multiple attack functions into a single operator dashboard. Instead of requiring attackers to piece together separate tools for credential harvesting, domain registration, and session theft, Bluekit provides all of these capabilities in one centralized interface. This lowers the technical barrier for less experienced threat actors and streamlines the entire phishing workflow.
How Session Hijacking Bypasses Two-Factor Authentication
Bluekit does more than steal passwords. After a victim submits their credentials, the kit captures session tokens, cookies, and local storage data. This allows attackers to hijack active sessions even when the victim has enabled two-factor authentication (2FA). The kit includes a Mammoth Details view that tracks session state and provides a live view of the target’s post-login activity. This means that even if a user completes a 2FA challenge, Bluekit can steal the resulting session token and bypass that security layer entirely.
Features and Impact on Defenders
The phishing kit offers over 40 website templates for services such as iCloud, Gmail, Outlook, GitHub, and Ledger. It includes automated domain registration, Telegram-based data exfiltration, antibot cloaking, and an AI assistant that helps draft campaign text. Researchers from Varonis Threat Labs who analyzed the kit also noted optional add-ons like voice cloning. Organizations must adopt phishing-resistant authentication methods such as hardware security keys, as standard 2FA can be circumvented. Security teams should monitor for unusual login patterns, session token reuse, and newly registered domains.
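One way to monitor for the session token reuse mentioned above, shown as an added example that does not come from the researchers' analysis: it flags a session ID presented by a client whose IP address and user agent both differ from the client that established the session. The log fields, the constructed sample events and the function name `find_token_reuse` are assumptions.

```python
from datetime import datetime

# Constructed sample events, not real logs:
# (timestamp, user, session-id hash, source IP, user agent)
EVENTS = [
    ("2024-05-01T09:00:05", "alice", "a1f3", "198.51.100.10", "Firefox/125 Windows"),
    ("2024-05-01T09:02:40", "alice", "a1f3", "203.0.113.77", "Chrome/124 Linux"),
    ("2024-05-01T09:03:10", "alice", "a1f3", "198.51.100.10", "Firefox/125 Windows"),
    ("2024-05-01T09:10:00", "bob", "b7c2", "198.51.100.20", "Safari/17 macOS"),
    ("2024-05-01T09:40:00", "bob", "b7c2", "198.51.100.99", "Safari/17 macOS"),
    ("2024-05-01T10:00:00", "carol", "c9d4", "198.51.100.30", "Edge/124 Windows"),
    ("2024-05-01T10:05:00", "carol", "c9d4", "203.0.113.5", "Chrome/124 Linux"),
]

def find_token_reuse(events):
    """Return findings for session IDs presented by a client whose IP and
    user agent both differ from the client that established the session."""
    origin = {}      # session id -> (ip, user agent) of the first request
    findings = {}    # (session id, ip, user agent) -> finding dict
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, user, sid, ip, ua in ordered:
        if sid not in origin:
            origin[sid] = (ip, ua)
            continue
        if (ip, ua) == origin[sid]:
            # The original client is active again after a foreign client
            # appeared: two clients are using one token at the same time.
            for key, finding in findings.items():
                if key[0] == sid:
                    finding["concurrent"] = True
            continue
        if ip != origin[sid][0] and ua != origin[sid][1]:
            findings.setdefault((sid, ip, ua), {
                "user": user, "session": sid, "first_seen": ts,
                "ip": ip, "user_agent": ua, "concurrent": False,
            })
        # An IP change with an unchanged user agent (bob) is treated as roaming.
    return list(findings.values())

if __name__ == "__main__":
    for f in find_token_reuse(EVENTS):
        print("HIGH" if f["concurrent"] else "MEDIUM", f)
```

A finding marked concurrent is the stronger signal, since the legitimate browser and a second client are alternating on the same token.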
Source: Cybersecuritynews

