
MacRumors

macrumors bot
Original poster


Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.


The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

Phishing attack displaying fake security warning

The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure. Victims typically arrive at these phishing pages through typos in URLs, which lead to compromised domain parking pages that rapidly redirect through multiple sites before landing on the malicious page.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.

Article Link: Phishing Attack Pivots to Mac After Windows Browser Defenses Improve
 
I hate to have to say this, but this is not "tailored specifically for macOS". :p

These kinds of phishing sites have been around for ages. They prey on people who are too scared to read the flashing words on the screen.

macOS Sonoma is not the latest macOS version, as shown on the webpage. It should be Sequoia.
"MacOS" is written wrong, it should be macOS.
Apple_ID should be Apple ID, or "Apple Account" now, technically.
The spaces before the !!s are usually a sign something is fake.
They sure do love underscores for some reason. :p
None of the dialog boxes have macOS themed buttons.
The "Username/Password" box is the most Windows thing I've ever seen.
Hard to tell if it's just because it's a screenshot, but the image is super blurry.

Stay safe out there everyone! Never call a number just because something on your computer told you to or type in a username and password unless you are meaning to on the site it originated from.
 
The only people at risk of falling for these things are probably people in their 70s-90s+. These pop ups stick out like a sore thumb.
 
In these cases, the best security defense relies on an Educated User.
Phishing schemes and other methods to 'hack the user' will become more and more sophisticated.
A well-educated user should be able to identify these risks better than lowering their guard and fully relying on a third-party tool.
 
This also happens with ads on content farm websites. Students will get these popups from sites that were recommended by their teachers. Many teachers have adblockers so they're not aware of how much adspam litters these sites.
 