VERY IMPORTANT

A new phishing kit named Tykit has been discovered targeting Microsoft 365 accounts across various industries. The campaign, active since May 2025, uses SVG files as delivery vectors and implements a multi-stage attack chain. Tykit mimics Microsoft login pages, employs evasion tactics, and executes client-side code in several stages. The most affected industries include construction, professional services, IT, finance, government, and telecom, with victims spread across the US, Canada, LATAM, EMEA, Southeast Asia, and the Middle East. The kit utilizes Cloudflare Turnstile for anti-bot protection and implements basic anti-debugging measures. It exfiltrates stolen credentials through a series of API calls to its command and control servers.