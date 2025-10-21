DUBAI, DUBAI, UNITED ARAB EMIRATES, October 21, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has uncovered Tykit; a new phishing kit responsible for stealing hundreds of Microsoft 365 credentials from companies across North America and Europe. Targeting mainly the finance and construction sectors, Tykit uses SVG-based payloads and a multi-stage credential theft process, pointing to a growing phishing-as-a-service model now spreading across global campaigns.

𝐇𝐨𝐰 𝐭𝐡𝐞 𝐀𝐭𝐭𝐚𝐜𝐤 𝐖𝐨𝐫𝐤𝐬

ANY.RUN observed around 180 related submissions, confirming that Tykit operates as a reusable phishing kit active across multiple attacks.

𝗧𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗢𝘃𝗲𝗿𝘃𝗶𝗲𝘄 𝗼𝗳 𝗧𝘆𝗸𝗶𝘁:

𝗗𝗲𝗹𝗶𝘃𝗲𝗿𝘆: SVG files act as the initial payload, embedding JavaScript to trigger redirects.

𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻 𝗰𝗵𝗮𝗶𝗻: Victims pass through trampoline pages and CAPTCHA validation before reaching the phishing page.

𝗔𝗻𝘁𝗶-𝗮𝗻𝗮𝗹𝘆𝘀𝗶𝘀: Pages use simple anti-debugging methods, such as blocking DevTools and disabling right-click.

𝗖𝗿𝗲𝗱𝗲𝗻𝘁𝗶𝗮𝗹 𝘁𝗵𝗲𝗳𝘁: The fake Microsoft 365 page captures login details and sends them to the attacker’s server.

𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗿𝗲𝘂𝘀𝗲: Multiple samples share the same structure and behavior, confirming a templated phishing kit in circulation.

Read the full analysis, explore live sessions, collect IOCs and detection rules, and learn how to defend against Tykit attacks; all on the ANY.RUN blog.

𝐀𝐛𝐨𝐮𝐭 𝐀𝐍𝐘.𝐑𝐔𝐍

ANY.RUN is a leading provider of interactive malware analysis and threat intelligence solutions trusted by over 500,000 cybersecurity professionals and 15,000+ organizations worldwide. The interactive sandbox enables teams to observe malware behavior in real time, extract indicators of compromise, and accelerate detection and response. Paired with Threat Intelligence Lookup and TI Feeds, ANY.RUN delivers actionable insights that help SOC teams, MSSPs, and researchers stay ahead of evolving threats.

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.