Dark Reading • 1h
Adaptive Phishing Kits and BlueKit Browser-in-the-Middle (BitM) Frameworks
Modern phishing campaigns are deploying adaptive kits that utilize client-side JavaScript fingerprinting (User-Agent, OS, screen resolution) to serve device-specific HTML/CSS templates, increasing social engineering success rates. These kits employ Browser-in-the-Middle (BitM) frameworks, such as BlueKit, and OAuth/OIDC Device Code phishing to intercept real-time session cookies and MFA tokens, effectively bypassing traditional multi-factor authentication. Attackers utilize DNS query manipulation and environment-aware checks to evade automated sandboxes and security crawlers. The impact is a significant reduction in MFA efficacy and increased detection difficulty for legacy indicator-based security tools.
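A behaviour-based check for the device code phishing mentioned above, as an added example that is not from the source article: in the OAuth device authorization flow, the client that requests the code and the browser that approves it are separate, so an approval from a network unrelated to the requesting client is worth reviewing. The event names, field names, trusted network and log lines are constructed assumptions, not a real identity provider's log schema.

```python
import ipaddress
import json

# Constructed sample events, not real logs; event and field names are assumptions.
SAMPLE_EVENTS = """\
{"event":"device_authorization","user_code":"WDJB-MJHT","client_id":"tv-app","ip":"203.0.113.7"}
{"event":"user_approval","user_code":"WDJB-MJHT","user":"alice","ip":"203.0.113.20"}
{"event":"device_authorization","user_code":"QPRS-TLKX","client_id":"cli-tool","ip":"198.51.100.44"}
{"event":"user_approval","user_code":"QPRS-TLKX","user":"bob","ip":"192.0.2.15"}
{"event":"device_authorization","user_code":"HGFD-ZXCV","client_id":"cli-tool","ip":"10.20.0.5"}
{"event":"user_approval","user_code":"HGFD-ZXCV","user":"carol","ip":"192.0.2.99"}
"""

# Assumption: networks where devices legitimately start the flow (e.g. build hosts).
TRUSTED_DEVICE_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def same_network(ip_a, ip_b, prefix=24):
    """True if both IPv4 addresses fall in the same /prefix network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def find_suspicious_approvals(lines):
    """Return approvals whose approving IP is unrelated to the requesting device IP."""
    pending = {}  # user_code -> device_authorization event awaiting approval
    alerts = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["event"] == "device_authorization":
            pending[ev["user_code"]] = ev
        elif ev["event"] == "user_approval":
            req = pending.pop(ev["user_code"], None)
            if req is None:  # approval for a code we never saw requested
                alerts.append({"user": ev["user"], "reason": "approval without request"})
                continue
            dev_ip = ipaddress.ip_address(req["ip"])
            if any(dev_ip in net for net in TRUSTED_DEVICE_NETS):
                continue  # flow started from a known device network
            if not same_network(req["ip"], ev["ip"]):
                alerts.append({"user": ev["user"], "client_id": req["client_id"],
                               "device_ip": req["ip"], "approver_ip": ev["ip"],
                               "reason": "device and approver on different networks"})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_approvals(SAMPLE_EVENTS):
        print(alert)
```

A network mismatch is a signal to triage rather than proof of phishing, since a user can legitimately approve a code for a remote host from a laptop elsewhere.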
Links: Dark Reading, Phishfort, Securityboulevard, Abnormal, Hackread, Cisa, Hoxhunt, Usenix, Adaptivesecurity, Securitybrief, Nhimg, Spamtitan