Advanced Phishing Kits Use AI and MFA Bypass Tactics

The phishing landscape has evolved dramatically. Four advanced phishing kits—BlackForce, GhostFrame, InboxPrime AI, and SpiderM—are now leveraging artificial intelligence and sophisticated MFA bypass techniques to steal credentials at scale.

Key Findings

AI-Powered Social Engineering

These kits use machine learning to:

Generate convincing phishing pages that adapt to target organizations
Craft personalized lures based on scraped social media data
Evade email security filters through dynamic content generation

MFA Bypass Techniques

Modern phishing kits have moved beyond simple credential harvesting:

Real-time Session Hijacking: Intercepting authentication tokens as users enter them
Adversary-in-the-Middle (AiTM): Proxying legitimate authentication flows
Push Notification Fatigue: Bombarding users until they approve fraudulent MFA requests

Detection Indicators

Organizations should monitor for:

Unusual login patterns from new devices/locations
Multiple failed MFA attempts followed by success
Session tokens used from geographically impossible locations

Mitigation Strategies

Deploy phishing-resistant MFA (FIDO2/WebAuthn)
Implement conditional access policies
Regular security awareness training focused on AI-generated threats
Use AI-powered email security that can detect AI-generated content

This research highlights why autonomous security testing must include social engineering attack simulations. RaptorX's red team agents can simulate these advanced phishing scenarios in controlled environments.

Read full analysis on IntelligenceX Blog →