A sophisticated phishing campaign, previously targeting Windows users, has shifted its focus to Mac users following the introduction of new security features by major browsers.
This campaign, identified by LayerX Labs, highlights the evolving nature of phishing attacks as they adapt to enhanced security measures.
Initially, the phishing campaign targeted Windows users by masquerading as Microsoft security alerts.
The attackers used compromised websites to display fake security warnings, claiming that the user’s computer was compromised and locked.
According to LayerX Labs, this was accompanied by malicious code that froze the webpage, creating the illusion that the entire computer was locked.
The campaign was particularly challenging to stop because it was hosted on Microsoft’s Windows.net platform, which lent an air of legitimacy to the fake alerts.
Additionally, the attackers exploited trusted hosting services and used randomized subdomains to evade detection by traditional anti-phishing defenses.
Shift to Mac Users
Following the rollout of new anti-phishing features by Microsoft, Chrome, and Firefox in early 2025, the campaign saw a significant drop in effectiveness against Windows users.
In response, the attackers modified their tactics to target Mac users, who were not covered by these new defenses.
The phishing pages were redesigned to appear legitimate to Mac users, with adjustments made to specifically target macOS and Safari users.
The attackers continued to use the Windows.net infrastructure to maintain the illusion of legitimacy.
Victims were typically lured into the phishing trap via compromised domain parking pages.
A typo in a URL would redirect users to these pages, which then quickly redirected them to the phishing site.
In one notable case, a macOS and Safari user was targeted despite their organization using a Secure Web Gateway (SWG).
However, LayerX’s AI-based detection system was able to identify and block the malicious page before any damage occurred.
This campaign underscores the adaptability of cybercriminals and the need for advanced security solutions.
As security measures evolve, attackers continue to modify their tactics, indicating that organizations must remain vigilant and proactive in their defense strategies.
The shift to targeting Mac users highlights the expanding scope of phishing attacks and the importance of comprehensive protection across all platforms.
Find this Story Interesting! Follow us on LinkedIn, and X to Get More Instant Updates
