A Windows phishing campaign made its way to Mac – here’s how to protect your data

Published Mar 22nd, 2025 10:33AM EDT
There’s seemingly always a new online scam to worry about. This time, LayerX Labs discovered that a phishing campaign that had been targeting Windows users for several months has now been remade for Mac computers. The ultimate goal of this phishing campaign was to steal user credentials by deceiving people into thinking that these scam notifications were, in fact, Microsoft security alerts.

After the campaign deceived several Windows users, Microsoft, Chrome, Firefox, and other companies eventually rolled out security updates to prevent these attacks from happening. Now, the hackers have shifted their focus to Mac users.

LayerX Labs says these hackers wait for people to misspell website names to try to steal their credentials. Once a user mistypes a website address, the page quickly redirects them through multiple sites before landing on the phishing attack page.

The phishing attack in question featured three critical modifications to the website:

  • The page layout is now different to appear legitimate to Mac users.
  • There are code adjustments to target macOS and Safari users by “leveraging HTTP OS and user agent parameters.”
  • They maintain the illusion of legitimacy by continuing to use Windows[.]net infrastructure.

LayerX Labs says this is one of the most sophisticated phishing campaigns on the Mac to date.

“While phishing campaigns targeting Mac users have existed before, they have rarely reached this level of sophistication,” they wrote. “Based on the longevity, complexity, and sophistication displayed by the actors behind this attack campaign thus far, we suspect that this is just a first response by them, as they adapt their attacks to new defenses.”

The researchers believe this is only the first wave of this kind of phishing campaign against Mac users. In the coming weeks and months, we might see a “resurgent wave of attacks based on this infrastructure as it probes and tests for weak spots in Microsoft’s new defenses.”

To keep yourself safe, always make sure to double-check site addresses, and don’t share your credentials without being certain that you’re on the correct page.
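
The pattern described above (a mistyped address, several redirects, then a landing page on windows[.]net) can also be checked for in proxy or browser logs. The Python below is an added example, not code from LayerX Labs or BGR; the allow-list, sample URLs, thresholds and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites your users really mean to visit (constructed, reserved TLD).
KNOWN_GOOD = {"mybank.example", "webmail.example"}
LANDING_SUFFIX = ".windows.net"  # hosting named in the article

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def host_and_domain(url):
    """Host plus its last two labels (real code would use the Public Suffix List)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host, ".".join(host.split(".")[-2:])

def lookalike_of(url, max_dist=2):
    """Known-good domain that this URL's domain nearly matches, else None."""
    _, dom = host_and_domain(url)
    if dom in KNOWN_GOOD:
        return None
    for good in sorted(KNOWN_GOOD):
        if edit_distance(dom, good) <= max_dist:
            return good
    return None

def assess_chain(chain, min_hops=3):
    """Reasons a redirect chain matches the pattern; an empty list means none."""
    reasons = []
    target = lookalike_of(chain[0])
    if target:
        reasons.append(f"first host looks like a misspelling of {target}")
    if len(chain) >= min_hops:
        reasons.append(f"{len(chain)} URLs in the redirect chain")
    if host_and_domain(chain[-1])[0].endswith(LANDING_SUFFIX):
        reasons.append("final page is hosted under windows.net")
    return reasons

# Constructed sample chains, as a proxy or browser log might record them.
SUSPECT = ["http://mybnak.example/", "http://hop-one.example/r",
           "http://hop-two.example/go", "https://sample.web.core.windows.net/"]
NORMAL = ["http://mybank.example/", "https://www.mybank.example/login"]
```

Legitimate sites are also hosted under windows.net, so that reason is weak on its own; weigh the returned reasons together before alerting.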

José Adorno Tech News Reporter