Phishing Attack Pivots to Mac After Windows Browser Defenses Improve

by

Security firm LayerX Labs has identified a sophisticated phishing campaign that recently began targeting Mac users after new browser protections rendered its Windows attacks less effective.

mac apple logo lit
The attackers had previously targeted Windows users with fake Microsoft security alerts, but then adapted their tactics in response to new anti-scareware features deployed in Chrome, Edge, and Firefox browsers earlier this year.

According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user's computer had been "compromised" and "locked." The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.

What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft's Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.

After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren't covered by the new protection measures.

Mac Phishing Attack Feb 2025

Phishing attack displaying fake security warning

The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure. Victims typically arrive at these phishing pages through typos in URLs, which lead to compromised domain parking pages that rapidly redirect through multiple sites before landing on the malicious page.

"While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication," notes LayerX in their report. The security firm expects to see "a resurgent wave of attacks" as the threat actors continue to adapt their techniques to overcome new security protections.

The takeaway for Mac users is that you should always verify website URLs when typing them into your browser, and consider using a security tool that can detect browser-level threats.

Popular Stories

iOS 26

iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone

Tuesday February 3, 2026 7:47 am PST by
We are still waiting for the iOS 26.3 Release Candidate to come out, so the first iOS 26.4 beta is likely still at least a week or two away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April. Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far. iOS 26.3 iPhone to Android Transfer Tool iOS 26.3 makes it easier...
Read Full Article30 comments
Apple Logo Black

Apple's Next Launch is 'Imminent'

Sunday February 1, 2026 12:31 pm PST by
The calendar has turned to February, and a new report indicates that Apple's next product launch is "imminent," in the form of new MacBook Pro models. "All signs point to an imminent launch of next-generation MacBook Pros that retain the current form factor but deliver faster chips," Bloomberg's Mark Gurman said on Sunday. "I'm told the new models — code-named J714 and J716 — are slated...
Read Full Article
iOS 26 Home Feature

Apple Gives Final Warning to Home App Users

Tuesday February 3, 2026 8:55 am PST by
In 2022, Apple introduced a new Apple Home architecture that is "more reliable and efficient," and the deadline to upgrade and avoid issues is fast approaching. In an email this week, Apple gave customers a final reminder to upgrade their Home app by February 10, 2026. Apple says users who do not upgrade may experience issues with accessories and automations, or lose access to their smart...
Read Full Article68 comments
Aston Martin CarPlay Ultra Screen

Apple's CarPlay Ultra to Expand to These Vehicle Brands Later This Year

Sunday February 1, 2026 10:08 am PST by
Last year, Apple launched CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. Nearly nine months later, CarPlay Ultra is still limited to Aston Martin's latest luxury vehicles, but that should change fairly soon. In May 2025, Apple said many other vehicle brands planned to offer CarPlay Ultra, including Hyundai, Kia, and Genesis. In his Powe...
Read Full Article90 comments
Apple Foldable Thumb

First Foldable iPhone Design Details Revealed

Monday February 2, 2026 7:19 am PST by
Apple's first foldable iPhone will feature relocated volume buttons, an all-black camera plateau, a smaller Dynamic Island, and more, according to design leaks from a known Weibo leaker. The user known as "Instant Digital" today claimed to share several key details about the design of the foldable iPhone: The volume buttons will be located on the top edge of the device, aligned to the...
Read Full Article127 comments

Top Rated Comments

surfzen21 Avatar
surfzen21
12 months ago
LOL

I remember years ago getting a popup that said my windows machine was infected.

I was SHOCKED because it popped up on my Mac. ?
Score: 22 Votes (Like | Disagree)
mattopotamus Avatar
mattopotamus
12 months ago

I never use Safari. Can't think of a single reason to use it really.
What would be the reason not to use it?
Score: 16 Votes (Like | Disagree)
Slix Avatar
Slix
12 months ago
I hate to have to say this, but this is not "tailored specifically for macOS". :P

These kind of phishing sites have been around for ages. They prey on people who are too scared to read the flashing words on the screen.

[SPOILER="List of things wrong with their page that tips it off that it's fake:"]
macOS Sonoma is not the latest macOS version, as shown on the webpage. It should be Sequoia.
"MacOS" is written wrong, it should be macOS.
Apple_ID should be Apple ID, or "Apple Account" now, technically.
The spaces before the !!s is usually a sign something is fake.
They sure do love underscores for some reason. :P
None of the dialog boxes have macOS themed buttons.
The "Username/Password" box is the most Windows thing I've ever seen.
Hard to tell if it's just because it's a screenshot, but the image is super blurry.
[/SPOILER]

Stay safe out there everyone! Never call a number just because something on your computer told you to or type in a username and password unless you are meaning to on the site it originated from.
Score: 16 Votes (Like | Disagree)
Antes Avatar
Antes
12 months ago
alright so maybe it is time to consider jumping from the Apple
Score: 14 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
12 months ago
Security through obscurity is no longer a strategy. Apple's laptop marketshare is booming the last few years and they will continue to be targeted more and more in the coming years.
Score: 14 Votes (Like | Disagree)
cicalinarrot Avatar
cicalinarrot
12 months ago

alright so maybe it is time to consider jumping from the Apple
Because of a web page telling you "I'm Team Apple, CEO of iPhone, your computer has Mpox, give me money"?
Score: 11 Votes (Like | Disagree)
Read All Comments