cybercriminals who previously targeted Windows users with sophisticated phishing attacks have now turned their attention to Mac and Safari users. This shift comes after Microsoft introduced anti-scareware protection in its Edge browser, making it harder for hackers to exploit Windows users. According to a report by ZDnet, cybersecurity firm LayerX Labs has uncovered a new phishing campaign aimed at stealing Apple ID credentials from Mac users.
The phishing campaign is designed to trick victims into surrendering their Apple ID login information, which could grant hackers access to sensitive data stored in iCloud, including photos, files, and phone backups. Eyal Arazi, product marketing head at LayerX, warned that once hackers obtain a user’s password, they often engage in “credential stuffing,” attempting to use the same credentials across multiple platforms and services to gain further access.
The transition to targeting Mac users follows the success of a similar scam aimed at Windows users. Between 2024 and 2025, scammers ramped up their activities after initial attacks proved effective. The Windows-based phishing campaign involved fake websites designed to look professional and legitimate. These sites displayed fake security warnings, convincing users that their devices had been compromised. Victims were then prompted to enter their Windows username and password. Once the credentials were submitted, hackers executed code to freeze the webpage, creating the illusion that the device had been hacked.
The shift to Mac users highlights the evolving nature of cyber threats. While Windows has long been a primary target for cybercriminals, the increasing popularity of Apple devices has made them an attractive alternative. The new phishing campaign underscores the importance of vigilance, regardless of the operating system. Users are advised to be cautious of unsolicited security warnings and to verify the authenticity of websites before entering sensitive information.
As phishing attacks grow more sophisticated, both individuals and organizations must prioritize cybersecurity. Enabling two-factor authentication, using password managers, and staying informed about the latest threats are essential steps to protect against such scams. With hackers continually adapting their tactics, staying one step ahead is crucial to safeguarding personal and professional data.