Phishing Attack Pivots to Mac After Windows Browser Defenses Improve

by

Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.

mac apple logo lit
The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

Mac Phishing Attack Feb 2025

Phishing attack displaying fake security warning

The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure. Victims typically arrive at these phishing pages through typos in URLs, which lead to compromised domain parking pages that rapidly redirect through multiple sites before landing on the malicious page.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.

Popular Stories

Golden Apple Logo

Every Apple Secret That Leaked Wednesday

Thursday August 14, 2025 4:13 am PDT by
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products. The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries: New HomePod mini with updated chip – New...
Read Full Article54 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

Alleged iPhone 17 Pro Chassis Offers First Look at All-Aluminum Body

Thursday August 14, 2025 3:40 am PDT by
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel. Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
Read Full Article90 comments
Home Hub Command Center with Dome Base Feature

Apple Working on All-New Operating System

Saturday August 16, 2025 6:45 am PDT by
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman. This is likely Apple's long-rumored "homeOS" operating system. In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend elements of tvOS and watchOS. For...
Read Full Article85 comments
Apple TV 2025 Thumb 2

New Apple TV Coming Later This Year With A17 Pro Chip

Wednesday August 13, 2025 5:29 pm PDT by
Rumors suggest that Apple is working on an updated version of the Apple TV that's slated for launch later this year. Information about the upcoming device that was found in Apple code indicates that it will be equipped with the A17 Pro chip. There have been multiple rumors about a new Apple TV coming in 2025 with a new A-series processor, but it hasn't been clear which chip Apple would use...
Read Full Article122 comments
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max's Internal Design With Metal Battery Allegedly Leaks

Friday August 15, 2025 9:13 am PDT by
Alleged images of the iPhone 17 Pro Max's internal design have surfaced, offering a potential look inside the device before it is announced by Apple next month. The images were shared by the account "yeux1122" this week, in a blog post on the Korean platform Naver. The account aggregates Apple rumors and leaks, so it is likely not the original source of the images, and it is unclear if they...
Read Full Article63 comments
iPhone 17 Pro Dark Blue and Orange

iPhone 17 Pro to Start at $1,049 With Doubled Base Storage

Wednesday August 13, 2025 1:45 am PDT by
Apple's upcoming iPhone 17 Pro will have a starting price that is $50 more than the iPhone 16 Pro but it will come with a minimum 256GB of storage, doubling the base capacity compared to last year's model. The information comes from Chinese leaker Instant Digital, posting on Weibo. The account, which has 1.5 million followers, has now made the claim three separate times in recent weeks....
Read Full Article128 comments
iPhone 17 Pro Feature Dual

When Will Apple Announce the iPhone 17 Event?

Tuesday August 12, 2025 12:46 pm PDT by
It is now mid-August, meaning that Apple's annual iPhone event is just around the corner. This year, Apple is expected to unveil the iPhone 17, the all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max. Here are some of the key rumors for those devices:iPhone 17: Same design as iPhone 16, but with an A19 chip, a larger 6.3-inch display, an upgraded 24-megapixel front camera, ...
Read Full Article38 comments
Generic iOS 18

Apple Says iOS 18.6.1 is Coming Today

Thursday August 14, 2025 7:29 am PDT by
In case you missed it — this is the post for people who mainly only read headlines — Apple has announced that it will be releasing iOS 18.6.1 and watchOS 11.6.1 later today. Apple shared this information in a press release on its Newsroom website. The software updates will re-enable the Blood Oxygen feature on Apple Watch Series 9, Series 10, and Ultra 2 models sold in the United States....
Read Full Article58 comments
Apple Watch Ultra 2 Complications

Apple Watch Reportedly Set to Receive 'Significant Redesign' Next Year

Friday August 15, 2025 1:31 pm PDT by
At least one new Apple Watch model launching next year will feature a "significant redesign," according to Taiwanese supply chain publication DigiTimes. In a paywalled report this week, citing supply chain insiders, DigiTimes claimed that a high-end 2026 Apple Watch model will feature "exterior design" changes, including but not limited to "eight sensors arranged in a ring pattern visible...
Read Full Article88 comments

Top Rated Comments

surfzen21 Avatar
surfzen21
21 weeks ago
LOL

I remember years ago getting a popup that said my windows machine was infected.

I was SHOCKED because it popped up on my Mac. ?
Score: 22 Votes (Like | Disagree)
mattopotamus Avatar
mattopotamus
21 weeks ago

I never use Safari. Can't think of a single reason to use it really.
What would be the reason not to use it?
Score: 16 Votes (Like | Disagree)
Slix Avatar
Slix
21 weeks ago
I hate to have to say this, but this is not "tailored specifically for macOS". :P

These kind of phishing sites have been around for ages. They prey on people who are too scared to read the flashing words on the screen.

[SPOILER="List of things wrong with their page that tips it off that it's fake:"]
macOS Sonoma is not the latest macOS version, as shown on the webpage. It should be Sequoia.
"MacOS" is written wrong, it should be macOS.
Apple_ID should be Apple ID, or "Apple Account" now, technically.
The spaces before the !!s is usually a sign something is fake.
They sure do love underscores for some reason. :P
None of the dialog boxes have macOS themed buttons.
The "Username/Password" box is the most Windows thing I've ever seen.
Hard to tell if it's just because it's a screenshot, but the image is super blurry.
[/SPOILER]

Stay safe out there everyone! Never call a number just because something on your computer told you to or type in a username and password unless you are meaning to on the site it originated from.
Score: 16 Votes (Like | Disagree)
Antes Avatar
Antes
21 weeks ago
alright so maybe it is time to consider jumping from the Apple
Score: 14 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
21 weeks ago
Security through obscurity is no longer a strategy. Apple's laptop marketshare is booming the last few years and they will continue to be targeted more and more in the coming years.
Score: 14 Votes (Like | Disagree)
cicalinarrot Avatar
cicalinarrot
21 weeks ago

alright so maybe it is time to consider jumping from the Apple
Because of a web page telling you "I'm Team Apple, CEO of iPhone, your computer has Mpox, give me money"?
Score: 11 Votes (Like | Disagree)
Read All Comments