Cybersecurity researchers warn of increasingly sophisticated phishing tools leveraging artificial intelligence (AI) and multi-factor authentication (MFA) bypass techniques to steal login data at scale.
Cybersecurity experts have uncovered a wave of advanced phishing kits that combine artificial intelligence (AI), evasive design, and multi-factor authentication (MFA) bypass tactics to execute large-scale credential theft campaigns targeting corporate and individual accounts across major online platforms.
According to a report published by The Hacker News, researchers have documented four new phishing toolkits, BlackForce, GhostFrame, InboxPrime AI, and Spiderman, that are actively being used in malicious campaigns. These kits facilitate credential harvesting and account takeovers by tricking victims into entering login credentials on convincingly spoofed web pages, often followed by real-time interception of MFA codes.
Cybersecurity analysts note that these kits are more than simple phishing clones; they are Phishing-as-a-Service (PhaaS) platforms with modular features and automated functions that significantly lower the barrier to entry for cybercriminals. The incorporation of AI into tools like InboxPrime AI automates message crafting and personalization, making phishing campaigns more scalable and harder to detect.
BlackForce’s Man-in-the-Browser attacks and its ability to thwart multi-factor authentication (MFA) show that attackers are innovating in technical interception as well as in social engineering, part of a trend in which even multi-factor protections can be undermined by cleverly orchestrated phishing flows.
These kits combine advanced technical features with automated workflows to steal credentials and authentication codes in real time, often redirecting victims to legitimate websites to mask the compromise.
Once victims provide their login information and MFA codes, attackers gain full access to the accounts. Victims are typically redirected to legitimate websites’ homepages to conceal the breach.
Security researchers have stressed the sophisticated and stealthy nature of these new phishing kits. Barracuda’s Sreyas Shetty explained how GhostFrame employs an invisible iframe to load phishing pages, allowing attackers to update malicious content without altering the parent page, which “helps evade detection from automated scanners and security tools.” Analysts from Zscaler ThreatLabz highlighted the power of AI-driven automation in InboxPrime AI, noting that by “leveraging AI to generate personalized phishing emails at scale,” the tool significantly increases the likelihood of deceiving victims while effectively bypassing traditional spam filters. Regarding BlackForce, researchers warned that its man-in-the-browser capabilities, combined with real-time interception of multi-factor authentication (MFA) codes, “represent a worrying advancement in phishing tactics — enabling attackers to bypass multi-factor authentication protections that were once considered robust.” Together, these observations reveal how threat actors are continuously refining their methods to outpace security defenses.
The rise of AI-powered phishing kits is part of a broader trend where artificial intelligence is being harnessed to amplify cyber fraud far beyond traditional email scams. Earlier in 2025, researchers identified phishing campaigns that exploited legitimate generative AI website builders to create highly convincing spoof sites imitating official government services. This approach demonstrated how AI tools can be repurposed by threat actors to craft realistic, sophisticated attack surfaces that deceive even cautious users. By automating both the creation of fraudulent websites and the personalization of phishing messages, AI significantly lowers the barrier for cybercriminals to launch large-scale, targeted campaigns with greater success rates. This evolution reflects a shift where AI no longer simply assists attackers but fundamentally transforms the scale, complexity, and effectiveness of phishing and social engineering attacks.
Educating employees and users about recognizing phishing cues, verifying unexpected requests, and reporting suspicious messages reduces the likelihood of successful compromise.
While MFA greatly enhances security, some advanced phishing kits can intercept MFA codes in real time, reducing its effectiveness. Therefore, stronger forms of MFA and additional security layers are recommended.
Organizations should implement phishing-resistant MFA methods (such as hardware security keys), train employees to recognize sophisticated phishing attempts, use AI-enhanced email filtering, and continuously monitor for unusual account activities.
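Why hardware security keys hold up against the real-time relay described above, as an added example that is not from the report or any vendor: a one-time code is valid wherever it is typed, while a WebAuthn assertion carries the origin and relying-party ID recorded by the browser and authenticator, which the server checks. The relying-party ID, origins and challenge below are constructed, and signature verification is omitted.

```python
import base64
import hashlib
import json

RP_ID = "login.example.com"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # constructed legitimate origin


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def binding_failures(client_data_json, authenticator_data, issued_challenge):
    """Return the names of failed binding checks (empty list means all passed).

    A real relying party must then verify the signature over
    authenticator_data || SHA-256(client_data_json); that step is omitted here.
    """
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(issued_challenge):
        failures.append("challenge")
    # The browser, not the page, writes the origin, so a look-alike site cannot forge it.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # First 32 bytes of authenticatorData: SHA-256 of the RP ID the credential was used for.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    # Byte 32 holds the flags; bit 0 is User Present.
    if len(authenticator_data) < 37 or not authenticator_data[32] & 0x01:
        failures.append("userPresent")
    return failures


def sample_assertion(origin, rp_id, challenge):
    """Constructed clientDataJSON and authenticatorData for a page at `origin`."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin, "crossOrigin": False}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
    return client_data, auth_data


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    print(binding_failures(*sample_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge))
    print(binding_failures(*sample_assertion("https://login.example.com.phish.test",
                                             "login.example.com.phish.test", challenge), challenge))
```

An assertion produced on the look-alike origin fails both the origin and rpIdHash checks even though the challenge was relayed correctly, which is the property that intercepted one-time codes lack.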