Phishing Attack Pivots to Mac After Windows Browser Defenses Improve

Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.

The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.