Threat actors behind a sophisticated phishing attack against Windows users, have now switched gears to target Mac users.
The hackers changed their target to Mac and Safari users after Microsoft issued a new anti-scareware update for its Edge browser, according to a report by ZDnet. The report stated that cybersecurity firm LayerX Labs has uncovered a phishing campaign intended to steal potential victims’ Apple ID credentials.
“Such access could give them access to the user’s iCloud account, including files, pictures, phone backups, and more. Moreover, once hackers have one password belonging to a user, they often try to do ‘credential stuffing’ across multiple systems and services,” Eyal Arazi, the product marketing head at LayerX, was quoted as saying.
How did the Windows attack take place?
According to LayerX, the scammers behind the phishing attack ramped up their activities between 2024 to 2025 after it turned out to be initially successful.
The modus operandi of the campaign against Windows users involved fake websites that had been set up by the scammers. These websites were well-designed and looked professional. They displayed fake security warnings to trick potential victims into thinking that their device has been hacked.
After the scam victim had been duped into entering their Windows username and password, the bad actors would execute lines of code to freeze the web page in order to make it seem like their devices had, indeed, been hacked.
The fake websites were reportedly hosted on Microsoft’s Windows.net platform, which appeared to give the fake security warnings some legitimacy. The scammers run the code to freeze the site through random sub-domains under Windows.net
Story continues below this ad
The scammers were also able to avoid detection for long by frequently updating the phishing sites and using anti-bot and CAPTCHA verification to block automated web crawlers security professionals use to find malicious pages.
What is different about the Mac-focused attack?
Earlier this year, Microsoft added anti-scareware protection to its Edge browser in response to such phishing attacks. Similarly, Google Chrome and Mozilla Firefox released their own tools to mitigate such attacks. As a result, these measures led to a 90 per cent drop in attacks targeting Windows users, according to LayerX.
While the modus operandi of the Mac phishing campaign is similar to the Windows one, there are a few differences. For instance, the fake scam websites and malicious code have reportedly been revised to draw in Mac users. However, LayerX found that the phishing pages are still hosted on Windows.net.
What can you do to protect yourself and your organisation?
“Phishing attacks are evolving, and despite the fact that Macs are traditionally less susceptible to viruses, Mac users are no exception to many modern threats,” Darren Guccione, Keeper Security CEO and co-founder, was quoted as saying.
Story continues below this ad
“Cybercriminals are opportunistic — when one attack vector gets blocked, they pivot to the next. This campaign demonstrates how quickly attackers adapt, leveraging trusted infrastructure and sophisticated deception to bypass traditional security measures,” he added.
The cybersecurity expert suggested that users should use password managers and enable multi-factor authentication (MFA), while also undergoing security awareness training and education. “The best defense is knowing how to spot and respond to phishing attempts, which includes keeping an eye out for urgent language, avoiding clicking on suspicious links and pop-ups, and visiting trusted websites directly,” he said.