Skip to Content

Phishing Attack Pivots to Mac After Windows Browser Defenses Improve

by

Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.

mac apple logo lit
The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

Mac Phishing Attack Feb 2025

Phishing attack displaying fake security warning

The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure. Victims typically arrive at these phishing pages through typos in URLs, which lead to compromised domain parking pages that rapidly redirect through multiple sites before landing on the malicious page.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.

Popular Stories

Apple Event Logo

Apple Released Seven New Products Today

Wednesday March 11, 2026 7:05 am PDT by
Starting today, the seven new Apple products that were announced last week are available at Apple Stores and beginning to arrive to customers. The colorful MacBook Neo and all of the other new products are on display at most Apple Store locations around the world starting today. Apple Stores have inventory of the new products for both walk-in customers and Apple Store pickup, but...
Read Full Article26 comments
iOS 27 Mock Quick

10+ New Features Coming in iOS 27

Friday March 13, 2026 2:13 pm PDT by
We're only three months away from Apple's WWDC 2026 event, which will see the company unveil iOS 27. With the fully revamped version of Siri possibly delayed until September, iOS 27 is shaping up to be the update we wanted iOS 26 to be. There will be new Apple Intelligence features, updates for the iPhone Fold, and more, with the latest rumors summarized below. Foldable iPhone Features...
Read Full Article107 comments
iOS 27 Mock Quick

iOS 27 Will Reportedly Be Like Mac OS X Snow Leopard

Sunday March 15, 2026 9:42 am PDT by
In his Power On newsletter today, Bloomberg's Mark Gurman reiterated that iOS 27 will be similar to 2009's Mac OS X Snow Leopard, in the sense that one of Apple's biggest priorities is bug fixes for improved performance and stability. At WWDC 2008, Apple showed a presentation that said Mac OS X Snow Leopard had "0 new features," as it opted to focus on performance and stability...
Read Full Article231 comments

Top Rated Comments

surfzen21 Avatar
surfzen21
13 months ago
LOL

I remember years ago getting a popup that said my windows machine was infected.

I was SHOCKED because it popped up on my Mac. 😂
Score: 22 Votes (Like | Disagree)
mattopotamus Avatar
mattopotamus
13 months ago

I never use Safari. Can't think of a single reason to use it really.
What would be the reason not to use it?
Score: 16 Votes (Like | Disagree)
Slix Avatar
Slix
13 months ago
I hate to have to say this, but this is not "tailored specifically for macOS". :P

These kind of phishing sites have been around for ages. They prey on people who are too scared to read the flashing words on the screen.

[SPOILER="List of things wrong with their page that tips it off that it's fake:"]
macOS Sonoma is not the latest macOS version, as shown on the webpage. It should be Sequoia.
"MacOS" is written wrong, it should be macOS.
Apple_ID should be Apple ID, or "Apple Account" now, technically.
The spaces before the !!s is usually a sign something is fake.
They sure do love underscores for some reason. :P
None of the dialog boxes have macOS themed buttons.
The "Username/Password" box is the most Windows thing I've ever seen.
Hard to tell if it's just because it's a screenshot, but the image is super blurry.
[/SPOILER]

Stay safe out there everyone! Never call a number just because something on your computer told you to or type in a username and password unless you are meaning to on the site it originated from.
Score: 16 Votes (Like | Disagree)
A
Antes
13 months ago
alright so maybe it is time to consider jumping from the Apple
Score: 14 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
13 months ago
Security through obscurity is no longer a strategy. Apple's laptop marketshare is booming the last few years and they will continue to be targeted more and more in the coming years.
Score: 14 Votes (Like | Disagree)
cicalinarrot Avatar
cicalinarrot
13 months ago

alright so maybe it is time to consider jumping from the Apple
Because of a web page telling you "I'm Team Apple, CEO of iPhone, your computer has Mpox, give me money"?
Score: 11 Votes (Like | Disagree)
Read All Comments