Bluekit Phishing as a Service (PhaaS)
Essential information
- Published
- 17/06/2026 01:44
- Modified
- 17/06/2026 08:20
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- account-takeover anti-detection automated-workflows credential-harvesting cryptocurrency-theft peer-to-peer-infrastructure phishing-as-a-service session-hijacking
- Tags
- 2026-06-16 account takeover anti-detection automated-workflows credential harvesting cryptocurrency theft peer-to-peer-infrastructure phishing-as-a-service session hijacking
- Related entities
- 5 indicators, 5 observables, 8 others
Description
BlueKit operates as a mature commercial Phishing-as-a-Service platform offering 87 ready-made phishing kits targeting banks, cloud services, cryptocurrency exchanges, and global brands. The platform features subscription-based access, automated account takeover capabilities, peer-to-peer infrastructure for stealth, and integrated anti-detection tooling. BlueKit supports credential harvesting, session hijacking, and automated post-compromise workflows including password resets and passkey enrollment. The platform includes bulk SMS phishing capabilities, Telegram notifications, hardware wallet seed phrase harvesting, and integration with anti-detect browsers. Operating through Tor and clearnet domains with cryptocurrency payments, BlueKit employs a reseller model enabling white-label redistribution. The platform significantly lowers technical barriers for cybercriminals while providing enterprise-grade phishing infrastructure, posing critical threats to financial institutions, cloud environments, and cryptoc...