Cybersecurity researchers have identified a new generation of advanced phishing kits that integrate artificial intelligence and sophisticated evasion tactics to capture user credentials — including one-time passwords — and bypass multi-factor authentication (MFA). These tools, documented in recent analysis, represent a significant escalation in phishing threats by automating and scaling attacks across major online services.
The four most prominent kits — BlackForce, GhostFrame, InboxPrime AI and Spiderman — exemplify how cybercriminals are leveraging AI to optimise attack success and evade traditional security controls. BlackForce, first detected in August 2025, combines credential-harvesting with Man-in-the-Browser (MitB) capabilities designed to intercept MFA codes as victims enter them.
These kits are often sold on underground forums and encrypted messaging platforms, lowering the barrier to entry for less-skilled actors and enabling them to deploy highly effective phishing campaigns with minimal technical expertise.
AI Enhances Phishing Effectiveness
Unlike legacy phishing tools that relied on static templates, the latest kits harness AI to produce dynamic and context-aware attack content. This can include automatically generated emails or web pages that closely mimic legitimate corporate login screens and are personalised based on publicly available information about the target. Such automation not only increases the scale of operations but also improves the likelihood that victims will be deceived.
Integration of stealth techniques — such as iframe-based frameworks and real-time script injection — further enhances the ability of kits like GhostFrame to embed malicious code without triggering basic detection mechanisms. Researchers have noted that InboxPrime AI and Spiderman particularly focus on seamless credential collection while resisting heuristic analysis used by email and network-level defenses.
A key concern is the kits’ capacity to capture multi-factor authentication codes by performing MitB attacks, where the malicious code runs within a user’s browser session to intercept data as it is entered. This tactic effectively undermines standard MFA protections — a security layer widely adopted by enterprises and consumers alike to defend against account takeover.
Implications for Security and Mitigation Strategies
The rise of these kits reflects an ongoing trend of cybercriminals adopting AI and automation to scale social engineering attacks. Recent industry reporting highlights that AI-generated phishing lures are more convincing and harder to distinguish from genuine communications, eroding the effectiveness of traditional pattern-based filters.
For organisations and individuals, mitigating these threats requires a combination of advanced detection technologies, user education, and robust authentication practices:
AI-driven email and web filtering that can detect subtle anomalies in message content or page behaviour.
Adaptive MFA mechanisms with device-based or biometric factors that are less susceptible to MitB interception.
Regular cybersecurity awareness training focused on recognising sophisticated phishing tactics.
Cybersecurity experts warn that as AI continues to evolve, so too will phishing infrastructure — potentially integrating real-time language models to craft personalised attack content that is difficult for automated defenses and human users to detect. As defenders adapt, combining machine learning-based threat intelligence with proactive incident response will be essential to counter these next-generation phishing threats.
