Phishing campaign shifts focus to Macs after browsers enhance security on Windows


A phishing campaign, which initially targeted Windows users by masquerading as Microsoft security alerts, is now aiming at Mac users.

For the past year, Tel-Aviv-based browser security platform LayerX claims to have observed a phishing campaign aimed at Windows users that intensified at the end of 2024.

During the original phishing attack, cybercriminals deployed fake websites that displayed bogus security warnings claiming that the user’s computer had been “compromised” and “locked.”

Victims were prompted to enter their Windows credentials while, at the same time, malicious code caused the website to freeze.

According to LayerX, the attacks were difficult to spot because the phishing pages were hosted on Microsoft’s Windows.net platform, which made the websites appear legitimate. The unnamed attackers also used a trusted hosting service, which allowed them to circumvent traditional protection mechanisms.

“Threat actors served their malicious code from randomized, rapidly-morphing subdomains. This meant that even if a particular page was flagged for being malicious and placed in feeds of malicious pages, it was quickly taken down and replaced by another URL with a ‘clean’ reputation,” LayerX says.

From Windows to Macs

The company claims to have recently witnessed a 90% drop in Windows-targeted attacks, but it does not provide exact numbers or estimates.

It attributes the trend to browsers such as Chrome and Firefox increasing scam protection, and Microsoft's “anti–scareware” feature on the Edge browser.

After Windows-based browsers increased security, the attackers reportedly shifted their focus to Mac users with a campaign that looks visually the same but has been redesigned to appear legitimate on Macs.

“Based on the longevity, complexity, and sophistication displayed by the actors behind this attack campaign thus far, we suspect that this is just a first response by the attackers. In the coming weeks, we will see a resurgent wave of attacks based on this infrastructure as it probes and tests for weak spots in Microsoft’s new defenses,” LayerX forecasts.