117/68 Wednesday, March 26, 2025
LayerX Labs has uncovered a new phishing campaign that originally targeted Windows users but has now shifted its focus to macOS users. The shift follows the rollout of new anti-scareware features in early 2025 by Microsoft, in collaboration with Chrome and Firefox, which led to a 90% drop in successful attacks on Windows systems. As a result, attackers are now targeting macOS, which lacks equally robust protections. The phishing method involves fake security alert pages claiming the victim’s computer has been compromised and prompting them to enter their username and password. These phishing sites are often hosted on Microsoft’s Windows[.]net platform, adding a layer of credibility.
According to LayerX Labs, within two weeks of the anti-scareware update, there was a noticeable spike in macOS attacks. The phishing code was modified to specifically target Safari users, with most victims redirected to phishing pages through compromised domains or typosquatting. In one notable case, a LayerX enterprise client—despite using a Secure Web Gateway—was still vulnerable to the attack. However, the company’s AI-based detection system successfully blocked the attempt.
Thomas Richards of Black Duck commented that modern phishing campaigns increasingly use legitimate hosting services to appear trustworthy. He advised users to ignore any pop-up security alerts requesting personal information, emphasizing that legitimate antivirus solutions will never ask for usernames or passwords through pop-up messages.
Source https://hackread.com/new-phishing-campaign-targeted-at-mac-users/
