Phishing 2.0: AI-Powered Kits and MFA Bypass Tactics Fuel a Cybercrime Gold Rush

In the shadowy corners of the cybercrime underworld, a fresh breed of phishing kits is arming would-be hackers with unprecedented power. These tools - some powered by artificial intelligence, others designed to outmaneuver multi-factor authentication (MFA) - are fueling a spike in large-scale credential theft, leaving defenders scrambling to keep pace. The stakes have never been higher, as the industrialization of phishing campaigns threatens businesses and individuals across the globe.

The Rise of Automated Phishing-as-a-Service

Phishing kits are nothing new, but 2025 has seen a quantum leap in their sophistication and accessibility. BlackForce, a kit first detected in August, goes far beyond generic fake login pages. Sold openly on Telegram for a few hundred euros, BlackForce uses “Man-in-the-Browser” attacks to intercept both credentials and the one-time passwords users enter during MFA, effectively neutralizing one of the last lines of defense for online accounts. Its developers aggressively update the kit, adding new evasion tactics and expanding its list of impersonated brands, including household names from streaming, logistics, and beyond.

GhostFrame, meanwhile, has enabled over a million phishing attacks by stealthily embedding malicious login forms inside seemingly benign web pages. Its use of dynamic iframes and randomized subdomains makes it a nightmare for defenders, who struggle to block or analyze the shifting infrastructure. The kit’s anti-debugging features further frustrate attempts at forensic investigation.

AI Supercharges Phishing Campaigns

The arrival of InboxPrime AI marks a turning point: phishing campaigns can now be generated, personalized, and sent en masse with the click of a button. For $1,000, anyone can subscribe to this malware-as-a-service platform, which boasts an AI-powered email generator capable of mimicking human communication and bypassing spam filters. Attackers simply select parameters like language, tone, and topic, and let the AI craft convincing lures. Features like sender spoofing, template randomization, and real-time spam diagnostics make it nearly impossible for defenders to keep up with the flood of unique, professional-looking phishing emails.

A New Threat to European Banks

Financial institutions are also in the crosshairs. The Spiderman kit, hawked on Signal messenger, offers pixel-perfect replicas of dozens of European bank and government login portals. It doesn’t just steal usernames and passwords - it can capture cryptocurrency wallet seeds, intercept OTPs, and even harvest PhotoTAN codes, allowing attackers to bypass stringent European banking security measures. Geofencing and device filtering ensure only intended victims are shown the phishing pages, increasing the odds of a successful breach.

Hybrid attacks are further complicating matters. A new Salty-Tycoon kit blends features from two notorious 2FA-bypassing kits, making detection and attribution even harder for security teams.

Conclusion: The Road Ahead

The industrialization and automation of phishing is accelerating, lowering the technical barrier for cybercriminals and increasing the scale and professionalism of attacks. As AI-driven kits and MFA bypass tactics become mainstream, defenders face an uphill battle. The era of “spray and pray” phishing is over - today’s attacks are targeted, adaptive, and disturbingly convincing. For organizations and individuals alike, vigilance and layered security are more critical than ever.