A recent report by LayerX Labs has revealed a new phishing campaign that was initially designed to deceive Windows users but is now focused on targeting macOS users.
The campaign, which LayerX Labs monitored for several months, initially posed as Microsoft security alerts, aiming to steal user credentials. In the attack, attackers employed deceptive tactics, creating fake security warnings on compromised websites that claimed the user’s computer was “compromised” and “locked.” Victims were encouraged to enter their Windows username and password, while malicious code froze the webpage, mimicking a complete system lockdown.
According to LayerX’s research, shared with Hackread.com, several factors contributed to the campaign’s initial effectiveness. Firstly, the phishing pages were hosted on Microsoft’s Windows.net platform, making the fake security warnings appear legitimate.
Additionally, attackers used trusted hosting services, exploiting the fact that traditional anti-phishing defences often rely on top-level domain reputation. Furthermore, they employed randomized, rapidly changing subdomains, making it difficult for security tools to track and block the malicious pages, which were themselves professionally designed and frequently updated to evade detection. Some even included anti-bot and CAPTCHA technologies to hinder automated web crawlers.
When Microsoft, along with Chrome and Firefox, introduced new anti-scareware features in early 2025, a dramatic 90% drop in Windows-targeted attacks was observed. In response, the attackers adapted their strategy, shifting their focus to macOS users, who were unprotected by these new defences.
Within two weeks, LayerX Labs observed a surge in Mac-based attacks, much like the Windows-targeted ones but with slight code modifications aimed specifically at macOS and Safari users. Victims were lured to the phishing pages via compromised domain “parking” pages, often after making a typo in a URL.
In one instance, a macOS and Safari user from a LayerX enterprise customer was targeted. Although the organization employed a Secure Web Gateway, the attack bypassed it. However, LayerX’s AI-based detection system, which analyzes web pages using numerous parameters at the browser level, successfully blocked the attack.
This campaign highlights the growing sophistication of phishing attacks targeting macOS users. Menlo Security’s recent State of Browser Security report further highlights this trend, revealing a dramatic increase in browser-based attacks, especially since the rise in popularity of generative AI.
The report found a 140% increase in browser-based phishing attacks compared to 2023, with a 130% increase specifically in zero-hour phishing attacks and the impersonation of major brands like Facebook, Microsoft, and Netflix.
Menlo Security’s analysis of over 752,000 browser-based phishing attacks reveals that one in five attacks now employs evasive techniques to bypass traditional security measures.
Thomas Richards, Principal Consultant, Network and Red Team Practice Director at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the latest development, stating, “In the past few weeks, we’ve seen an uptick in browser-based phishing attacks that use legitimate hosting services to trick users into falling for the attack and the ruse they use is a reasonably old one and fairly common.”
“If you ever get an unknown random pop-up saying your computer is compromised, it should be treated as suspicious and ignored,” Thomas warned. “Anti-virus companies will never ask you to enter a username and password to remove a threat.”