Bluekit phishing kit adopts browser-in-the-middle for login theft

Bluekit, a phishing-as-a-service platform first documented in April, has evolved to include browser-in-the-middle (BitM) capabilities using the open-source JavaScript library rrweb. This technique streams the legitimate login page's DOM to victims over WebSocket, allowing attackers to capture credentials and session tokens while bypassing MFA. The platform also features sophisticated anti-analysis defenses including randomized CSS filters, obfuscated JavaScript bundles, custom CAPTCHAs, browser fingerprinting, and WebRTC-based VPN/proxy detection. Nearly 70 new hostnames were identified in the past week, indicating active expansion. Indicators of Bluekit activity include WebSocket connections sending encrypted data on login pages and CSS filter manipulation on top-level HTML elements.

Nguồn: https://www.bleepingcomputer.com/news/security/bluekit-phishing-kit-adopts-browser-in-the-middle-for-login-theft. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.

Đề xuất cho bạn

Securelist015 phút11 giờ trước

Threat landscape for SMBs in 2026: fake AI tools, phishing and more

Kaspersky's 2026 SMB threat report reveals a nearly fivefold increase in cyberattacks disguising malware as popular AI tools like Claude compared to 2025. Fake messenger apps remain the most common lure with over 414,000 attacks detected in the first four months of 2026. Phishing campaigns increasingly exploit legitimate platforms (OneDrive, Zoom Docs) to bypass email filters. Dark web analysis shows SMBs and mid-sized businesses account for more than half of all initial access listings sold by brokers, with Middle East, Africa, and Latin America seeing significant increases. The report includes a practical cybersecurity action plan covering access controls, employee training, backups, and specialized security solutions.

#security#cyber