ANY.RUN Exposed Tykit: New Phishing Kit Targeting Microsoft 365 Accounts Across Multiple Sectors
DUBAI, DUBAI, UNITED ARAB EMIRATES, October 21, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has uncovered Tykit, a new phishing kit responsible for stealing hundreds of Microsoft 365 credentials from companies across North America and Europe. Targeting mainly the finance and construction sectors, Tykit uses SVG-based payloads and a multi-stage credential theft process, pointing to a growing phishing-as-a-service model now spreading across global campaigns.
How the Attack Works
ANY.RUN observed around 180 related submissions, confirming that Tykit operates as a reusable phishing kit active across multiple attacks.
Technical Overview of Tykit:
Delivery: SVG files act as the initial payload, embedding JavaScript to trigger redirects.
Execution chain: Victims pass through trampoline pages and CAPTCHA validation before reaching the phishing page.
Anti-analysis: Pages use simple anti-debugging methods, such as blocking DevTools and disabling right-click.
Credential theft: The fake Microsoft 365 page captures login details and sends them to the attacker's server.
Infrastructure reuse: Multiple samples share the same structure and behavior, confirming a templated phishing kit in circulation.
Read the full analysis, explore live sessions, collect IOCs and detection rules, and learn how to defend against Tykit attacks, all on the ANY.RUN blog.
About ANY.RUN
ANY.RUN is a leading provider of interactive malware analysis and threat intelligence solutions trusted by over 500,000 cybersecurity professionals and 15,000+ organizations worldwide. The interactive sandbox enables teams to observe malware behavior in real time, extract indicators of compromise, and accelerate detection and response. Paired with Threat Intelligence Lookup and TI Feeds, ANY.RUN delivers actionable insights that help SOC teams, MSSPs, and researchers stay ahead of evolving threats.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050
