#Tycoon phishing kit has a new theme!

Recently we found that Tycoon Phishing-as-a-Service has published a new theme that impersonates a PDF file to open with a fake login page.


This kit has still the same pattern of JS that uses the same name pattern: myscr\[0-9\]{6}.js


The malicious JS file uses the array method and then uses Math functions to craft the malicious HTML that has all the details that we can find on keys of the [Cloudflare](https://www.linkedin.com/company/cloudflare/) API that they are using and details that the …

as-a-service fake file found kit login malware name page pdf phishing phishing-as-a-service phishing kit service theme