Hackers responsible for an advanced phishing campaign targeting Windows users have now redirected their efforts toward Mac users. According to a report by ZDNet, this shift follows Microsoft’s implementation of a new anti-scareware update for its Edge browser. Cybersecurity firm LayerX Labs has uncovered a malicious campaign aimed at stealing Apple ID credentials from unsuspecting victims.
The Threat to Apple ID Accounts
Gaining access to an Apple ID allows hackers to infiltrate a user’s iCloud account, granting them control over files, photos, phone backups, and more. Additionally, stolen credentials can be exploited for credential stuffing—where cybercriminals attempt to use the same login details across multiple platforms to breach additional accounts.
LayerX’s product marketing head, Eyal Arazi, highlighted the severity of this issue, emphasizing the need for users to be vigilant against phishing attempts.
How the Windows Attack Was Executed
Between 2024 and 2025, cybercriminals significantly increased their phishing efforts after initial successes. Their strategy involved creating deceptive websites designed to mimic legitimate security alerts. These fake pages convinced users that their devices had been compromised, prompting them to enter their Windows credentials.
Once a victim provided their login information, the attackers ran malicious code to freeze the webpage, making it appear as though the device had indeed been hacked.
To make their fraudulent websites seem credible, the hackers hosted them on Microsoft’s Windows.net platform. They also employed techniques like frequent website updates, anti-bot measures, and CAPTCHA verification to evade security detection.
How the Mac Attack Differs
Following Microsoft’s security enhancements, which contributed to a 90% reduction in Windows-targeted phishing attacks, cybercriminals adapted their tactics. They modified their fraudulent websites and malicious scripts to appeal specifically to Mac users. Despite these changes, LayerX Labs discovered that the phishing pages continue to be hosted on Windows.net.
Steps to Stay Protected
Darren Guccione, CEO and co-founder of Keeper Security, emphasized that while Mac devices are traditionally considered more secure against viruses, modern cyber threats spare no platform. He noted that attackers quickly shift strategies when one avenue is blocked, exploiting trusted infrastructure to bypass conventional security measures.
To guard against phishing attempts, users are advised to:
- Utilize password managers to store and generate strong passwords
- Enable multi-factor authentication (MFA) for added security
- Undergo cybersecurity awareness training to recognize and respond to threats
- Be cautious of urgent messages and avoid clicking on suspicious links or pop-ups
- Access websites directly rather than through links in unsolicited emails or messages
By staying informed and adopting robust security practices, individuals and organizations can mitigate the risks posed by evolving phishing campaigns.
