Phishing Attack Pivots to Mac After Windows Browser Defenses Improve - MacRumors
Skip to Content

Phishing Attack Pivots to Mac After Windows Browser Defenses Improve

by

Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.

mac apple logo lit
The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

Mac Phishing Attack Feb 2025

Phishing attack displaying fake security warning

The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure. Victims typically arrive at these phishing pages through typos in URLs, which lead to compromised domain parking pages that rapidly redirect through multiple sites before landing on the malicious page.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.

Popular Stories

M5 Vision Pro Thumb 2

Apple Has Given Up on the Vision Pro After M5 Refresh Flop

Wednesday April 29, 2026 11:31 am PDT by
Apple has all but given up on the Vision Pro after the M5 model failed to revitalize interest in the device, MacRumors has learned. Apple updated the Vision Pro with a faster M5 chip and a more comfortable band in October 2025, but there were no other hardware changes, and consumers still weren't interested. The Vision Pro has been criticized for its high price tag and its uncomfortable...
Read Full Article572 comments
app store monthly sub commitment

Apple Introduces App Store Monthly Subscriptions With 12-Month Commitment

Monday April 27, 2026 12:52 pm PDT by
Apple today announced the launch of a new subscription option for App Store developers: monthly subscriptions with a 12-month commitment. The new option allows developers to offer subscribers discounted pricing typically associated with an annual subscription but paid on a monthly basis to keep payments more affordable. This new payment option allows you to offer subscribers more affordable...
Read Full Article145 comments
Four iPhone 18 Pro Colors Mock Feature

iPhone 18 Pro to Launch in September With These 10 New Features

Tuesday April 28, 2026 9:35 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not launching until September, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component will be moved under the...
Read Full Article

Top Rated Comments

surfzen21 Avatar
surfzen21
15 months ago
LOL

I remember years ago getting a popup that said my windows machine was infected.

I was SHOCKED because it popped up on my Mac. 😂
Score: 22 Votes (Like | Disagree)
Slix Avatar
Slix
15 months ago
I hate to have to say this, but this is not "tailored specifically for macOS". :P

These kind of phishing sites have been around for ages. They prey on people who are too scared to read the flashing words on the screen.

[SPOILER="List of things wrong with their page that tips it off that it's fake:"]
macOS Sonoma is not the latest macOS version, as shown on the webpage. It should be Sequoia.
"MacOS" is written wrong, it should be macOS.
Apple_ID should be Apple ID, or "Apple Account" now, technically.
The spaces before the !!s is usually a sign something is fake.
They sure do love underscores for some reason. :P
None of the dialog boxes have macOS themed buttons.
The "Username/Password" box is the most Windows thing I've ever seen.
Hard to tell if it's just because it's a screenshot, but the image is super blurry.
[/SPOILER]

Stay safe out there everyone! Never call a number just because something on your computer told you to or type in a username and password unless you are meaning to on the site it originated from.
Score: 16 Votes (Like | Disagree)
mattopotamus Avatar
mattopotamus
15 months ago

I never use Safari. Can't think of a single reason to use it really.
What would be the reason not to use it?
Score: 16 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
15 months ago
Security through obscurity is no longer a strategy. Apple's laptop marketshare is booming the last few years and they will continue to be targeted more and more in the coming years.
Score: 14 Votes (Like | Disagree)
A
Antes
15 months ago
alright so maybe it is time to consider jumping from the Apple
Score: 14 Votes (Like | Disagree)
cicalinarrot Avatar
cicalinarrot
15 months ago

alright so maybe it is time to consider jumping from the Apple
Because of a web page telling you "I'm Team Apple, CEO of iPhone, your computer has Mpox, give me money"?
Score: 11 Votes (Like | Disagree)
Read All Comments