Multi-factor authentication has been the security industry’s answer to phishing for a decade. The logic was sound: even if an attacker steals your password, they still need your phone or your authenticator app. For a while, that was true. It is no longer reliably true.
Two phishing-as-a-service (PhaaS) platforms identified in May 2026 — Kali365 and Bluekit — represent the current state of the art in credential theft. Both bypass MFA entirely, not by cracking it, but by stealing something more valuable than a password: an authenticated session token that proves you already passed MFA.
The FBI issued a formal public service announcement on Kali365. Varonis Threat Labs documented Bluekit. Together, they describe a generation of attacks that the standard advice — “enable two-factor authentication” — no longer adequately addresses.
Kali365: Stealing Tokens From Legitimate Microsoft Pages
The Kali365 attack works through a technique called OAuth device code phishing. Here is the sequence:
- The victim receives a message directing them to a legitimate Microsoft sign-in page — not a fake clone, but the actual Microsoft authentication infrastructure.
- The page asks the victim to enter a device code that the attacker has pre-generated.
- The victim enters the code, believing they are completing a routine authentication step.
- Microsoft, recognizing the code as valid, issues OAuth access and refresh tokens tied to the victim’s account.
- The attacker receives those tokens. They now have persistent, authenticated access to the victim’s Outlook, OneDrive, Teams, SharePoint, and any other Microsoft 365 service — without ever knowing the victim’s password.
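The defender's view of the sequence above, as an added example (not from the FBI PSA or any vendor): a small rule run over constructed Microsoft Entra-style sign-in records that flags completed device-code grants and raises severity when the grant comes from a country the user has never signed in from. The record shape and the per-user country baseline are this example's own assumptions; the `authenticationProtocol` value `deviceCode` is the one Entra uses for the device authorization grant.

```python
import json
from collections import defaultdict

# Constructed sample records (not real log data) shaped like Microsoft Entra
# sign-in log entries, reduced to the fields this rule needs. Entra records the
# OAuth device authorization grant as authenticationProtocol "deviceCode".
SAMPLE_SIGNINS = """
{"createdDateTime": "2026-05-02T08:01:00Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-02T09:14:00Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-02T09:15:00Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-02T10:00:00Z", "userPrincipalName": "bob@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.78", "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 50126}}
"""

def parse_signins(text):
    """Parse newline-delimited JSON sign-in records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def flag_device_code_signins(records):
    """Alert on every successful device-code sign-in.

    Severity is "high" when the sign-in's country is absent from the same
    user's other successful, non-device-code sign-ins; "medium" otherwise.
    The per-user country baseline is this example's own heuristic, standing
    in for the unfamiliar-location signal a Conditional Access policy checks.
    """
    baseline = defaultdict(set)
    for r in records:
        if r["status"]["errorCode"] == 0 and r["authenticationProtocol"] != "deviceCode":
            baseline[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    alerts = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue  # only completed grants can yield usable tokens
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        alerts.append({
            "time": r["createdDateTime"],
            "user": user,
            "ip": r["ipAddress"],
            "country": country,
            "severity": "high" if country not in baseline[user] else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in flag_device_code_signins(parse_signins(SAMPLE_SIGNINS)):
        print(alert)
```

Tenants that never legitimately use the device code flow can go further and block it outright in Conditional Access; the rule above is for those that cannot.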
The critical security implication: victims never see a fake page and never type their credentials into a suspicious form. Every interaction happens on genuine Microsoft infrastructure. Standard phishing detection — which looks for mismatched domains, fake login pages, and credential-capture forms — sees nothing suspicious, because nothing suspicious is technically occurring.
Once an attacker holds valid OAuth tokens, they can:
- Read emails and calendar entries
- Access and exfiltrate cloud files from OneDrive and SharePoint
- Send phishing messages impersonating the victim to their contacts, propagating the attack laterally through the organization
- Maintain access indefinitely via the refresh token, until the victim manually revokes it
The FBI’s public service announcement classified Kali365 as a PhaaS platform — meaning it provides the attack infrastructure as a subscription service. Operators do not need to understand the technical details; they rent the capability.
Bluekit: The AiTM Phishing Superstore
Where Kali365 targets Microsoft specifically, Bluekit is a broader credential-theft platform built on Adversary-in-the-Middle (AiTM) techniques.
Rather than directing victims to legitimate authentication pages, Bluekit inserts itself between the victim and the real website, relaying traffic in real time. The victim believes they are signing into their actual account. They are — but Bluekit intercepts and captures the session cookies and local storage data generated by the successful authentication.
Those captured cookies function as authenticated session tokens. With them, the attacker can access the victim’s account from any device, bypassing MFA entirely, because as far as the platform is concerned, the victim already authenticated.
Bluekit’s feature set, documented by Varonis Threat Labs, is comprehensive:
- Over 40 fake website templates mimicking iCloud, Apple ID, Gmail, Outlook, Hotmail, Yahoo, ProtonMail, GitHub, Twitter, Zoho, Zara, and the cryptocurrency wallet Ledger
- An integrated domain management dashboard allowing operators to purchase domains and deploy phishing pages from a single interface
- Data exfiltration via Telegram, delivering captured credentials and session data directly to the operator’s account
- An AI assistant called “Abliterated Llama” — described in Bluekit’s own marketing as an AI “without safety guardrails” — capable of generating targeted phishing lures, customizing messages per victim, and answering operator questions about attack execution
Varonis researchers also noted that voice cloning, geolocation emulation, and antibot cloaking features are under active development. If those ship, Bluekit will combine MFA-bypassing credential theft with AI voice impersonation in a single platform — a capability that currently requires assembling multiple separate tools.
What Actually Protects You Now
Standard guidance — “use multi-factor authentication, don’t click suspicious links, look for HTTPS” — is no longer sufficient against these attack classes. The attacks are specifically designed to defeat each of those defenses.
What does provide meaningful protection:
Phishing-resistant MFA using hardware security keys (FIDO2/WebAuthn standard) generates credentials that are cryptographically bound to the specific domain requesting authentication. Even if an attacker intercepts the authentication flow, the credential is unusable anywhere else. This is the defense that token-theft attacks cannot currently bypass.
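Why the domain binding defeats an AiTM proxy, shown as an added example (not code from the page or from any vendor): the relying-party checks a server runs on a WebAuthn assertion before verifying its signature. The browser puts the page's origin into clientDataJSON, and the authenticator signs a hash of that JSON, so a proxy on a lookalike domain cannot present an assertion that passes. `RP_ID`, `EXPECTED_ORIGIN`, the lookalike domain and the byte layouts are constructed for this example.

```python
import hashlib
import json
import secrets

# Relying-party settings (assumed values for this example).
RP_ID = "example.test"
EXPECTED_ORIGIN = "https://login.example.test"

def make_client_data(origin, challenge):
    """Constructed clientDataJSON, as the browser builds it for navigator.credentials.get()."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": origin}).encode()

def make_authenticator_data(rp_id):
    """Constructed authenticatorData: rpIdHash (32 bytes) | flags (UP set) | signCount."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (0).to_bytes(4, "big")

def signed_payload(authenticator_data, client_data_json):
    """Bytes the authenticator actually signs; the origin is covered via the hash."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()

def verify_assertion(client_data_json, authenticator_data, expected_challenge):
    """RP-side checks before signature verification; returns "accept" or "reject: ...".

    Since signed_payload() covers SHA-256(clientDataJSON), a proxy cannot
    rewrite the origin field without invalidating the authenticator's signature.
    """
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return "reject: wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return "reject: challenge mismatch (replay or cross-session use)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return f"reject: origin {cd.get('origin')!r} is not {EXPECTED_ORIGIN!r}"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "reject: rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:
        return "reject: user presence flag not set"
    # Next step in a real RP: verify the signature over
    # signed_payload(authenticator_data, client_data_json) with the stored public key.
    return "accept"

if __name__ == "__main__":
    challenge = secrets.token_urlsafe(32)
    auth = make_authenticator_data(RP_ID)
    print(verify_assertion(make_client_data(EXPECTED_ORIGIN, challenge), auth, challenge))
    # A page served from a lookalike domain (constructed name) yields a proxy origin.
    proxy = "https://login.example-secure.test"
    print(verify_assertion(make_client_data(proxy, challenge), auth, challenge))
```

In practice the browser already refuses to create an assertion for an rpId that the page's origin does not own, so these server-side checks are the backstop rather than the first barrier.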
Conditional access policies that flag authentication from new devices, unfamiliar IP ranges, or unusual geographic locations add a second detection layer — even if a token is stolen, its use may trigger a security alert before significant damage occurs.
OAuth app review — regularly auditing which applications have active OAuth tokens linked to corporate accounts — allows security teams to revoke access from sessions that shouldn’t exist.
Zero-trust network segmentation limits what an attacker can reach even after obtaining valid credentials for one account.
The FBI’s issuance of a dedicated PSA on Kali365, rather than a generic phishing advisory, signals that the platform has reached a scale of deployment that warrants specific institutional attention. Organizations that have not yet deployed phishing-resistant MFA should treat both Kali365 and Bluekit as the reason why.