The Bluekit phishing kit has evolved to include browser-in-the-middle (BitM) capabilities, enhancing its ability to steal login credentials by allowing attackers to control a victim's browser session. This method utilizes the open-source JavaScript library 'rrweb' to capture and relay user inputs, while also employing sophisticated anti-analysis techniques to evade detection.
The most valuable insight is that Bluekit now uses a browser-in-the-middle (BitM) attack method, leveraging the rrweb JavaScript library to capture and control victim interactions with legitimate login pages. This evolution in phishing tactics means your security measures need to focus on detecting such attacks, using indicators such as unusual latency in user interactions, CSS filter manipulation, and WebSocket communications on login pages. Enhancing anti-phishing defenses with behavioral AI could also help automate detection and response, reducing the operational burden on security teams.
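One way to combine the indicators above into a triage verdict for a single observed login page, as an added example that is not taken from Bluekit analysis or from any vendor's tooling. The observation fields, the thresholds and both sample records are assumptions constructed for illustration.

```javascript
// Added example: triage one login-page observation against the indicators
// named above. Field names, thresholds and samples are assumptions.
const LIMITS = { medianEchoMs: 150, minSamples: 5 };

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

function bitmIndicators(obs) {
  const hits = [];
  if (!obs.hasPasswordField) return hits; // only login pages are in scope
  // Keystroke-to-render delay: judged only when enough samples exist.
  const echo = obs.inputEchoMs || [];
  if (echo.length >= LIMITS.minSamples && median(echo) > LIMITS.medianEchoMs) {
    hits.push("latency");
  }
  // Any computed CSS filter other than "none" on the form or its ancestors.
  const filters = (obs.computedFilters || []).map((f) => f.trim().toLowerCase());
  if (filters.some((f) => f !== "" && f !== "none")) hits.push("css-filter");
  // Any WebSocket opened while the login form is on screen.
  if ((obs.webSockets || []).some((u) => /^wss?:\/\//i.test(u))) hits.push("websocket");
  // rrweb named in a script URL or inline body (misses renamed builds).
  if ((obs.scripts || []).some((s) => /rrweb/i.test(s))) hits.push("rrweb");
  return hits;
}

function verdict(obs) {
  const n = bitmIndicators(obs).length;
  return n >= 2 ? "suspect" : n === 1 ? "review" : "clean";
}

// Constructed observations, e.g. as exported by a sandbox or browser extension.
const SAMPLE_RELAYED = {
  hasPasswordField: true,
  inputEchoMs: [210, 240, 190, 305, 260],
  computedFilters: ["none", "blur(0.1px)"],
  webSockets: ["wss://relay.example.invalid/session"],
  scripts: ["https://cdn.example.invalid/rrweb.min.js"],
};
const SAMPLE_CHAT_WIDGET = {
  hasPasswordField: true,
  inputEchoMs: [8, 12, 9, 11, 10],
  computedFilters: ["none"],
  webSockets: ["wss://chat.example.invalid/support"],
  scripts: ["https://static.example.invalid/app.js"],
};
console.log(verdict(SAMPLE_RELAYED), verdict(SAMPLE_CHAT_WIDGET));
```

A single indicator only yields "review" because a WebSocket or a CSS filter on its own is common on legitimate pages; the verdict escalates when indicators coincide.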