LayerX Labs, a security firm, has uncovered an advanced phishing campaign that has shifted its focus to Mac users following the implementation of enhanced browser protections that diminished the success of its Windows-based attacks. Initially, the attackers employed fake Microsoft security alerts to target Windows users, but they have since modified their approach due to new anti-scareware measures introduced in Chrome, Edge, and Firefox browsers earlier this year.
According to LayerX, the original campaign relied on compromised websites that would display fake security warnings claiming the user’s computer had been “compromised” and “locked.” The malicious code would then freeze the webpage, creating the illusion that the computer was locked and prompting victims to enter their Windows credentials.
What made the campaign particularly effective was its apparent credibility, since the phishing pages were hosted on Microsoft’s Windows.net platform. The use of legitimate infrastructure also helped it bypass security tools that assess risk based on domain reputation.
After browser developers implemented new anti-scareware protections in early 2025, LayerX said it observed a 90% drop in Windows-targeted attacks. Within just two weeks, the attackers had shifted their focus to Mac users, who weren’t covered by the new protection measures.
The Mac-targeted phishing pages use a similar visual design but have been tailored specifically for macOS and Safari users. However, the campaign is still using the Windows.net infrastructure.
MacDailyNews Note: More in LayerX’s article here.
Please help support MacDailyNews — and enjoy subscriber-only articles, comments, chat, and more — by subscribing to our Substack: macdailynews.substack.com. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
