• New Phishing Campaign Targeted at Mac Users

    #2757138

    https://layerxsecurity.com/blog/layerx-identifies-new-phishing-campaign-targeted-at-mac-users/

    ..For the past few months, LayerX has been monitoring a sophisticated phishing campaign that initially targeted Windows users by masquerading as Microsoft security alerts. The campaign’s goal was to steal user credentials by employing deceptive tactics that made victims believe their computers were compromised.

    Now, with new security features rolled out by Microsoft, Chrome, and Firefox, the attackers have shifted their focus to Mac users…

    • #2757182

      @alex5723 I assume if or when you might get this fake alert, your Mac is in fact not “locked” but is still working properly?

      iPhone 13, 2019 iMac(SSD)

    • #2757192

      your Mac is in fact not “locked”

      The original phishing attack involved compromised websites displaying fake security warnings

      Looks more like clickbait to me with headlines like this:

      LayerX Labs Identifies New Zero-Hour Phishing Attack

      Phishing attacks are never zero hour/day, they are real time in email or via a website and rely on you panicking instead of taking a measured approach.
      Zero day implies you are at risk now because a fix has not yet been released, which is not the case for phishing.

      cheers, Paul

      1 user thanked author for this post.
      • #2757354

        Looks more like clickbait to me with headlines like this:

        LayerX Labs Identifies New Zero-Hour Phishing Attack

        Phishing attacks are never zero hour/day, they are real time in email or via a website and rely on you panicking instead of taking a measured approach.

        Zero-hour refers to the frequent rotation of randomized subdomains for phishing sites, as explained below that headline:

        Why Conventional Defenses Failed

        2. Zero-Hour Randomized Subdomains

        The attackers made use of randomized subdomains to avoid detection. LayerX labs captured “pushalm83e.z13.web.core.windows[.]net”. However, these domain strings can be easily generated and frequently rotated.

        This allows attackers to ensure that the page would not match any existing threat intelligence or URL blacklists in place. This tactic, often referred to as a “zero-hour” technique, allows phishing sites to stay online just long enough to trap victims before they are taken down and rotated to another randomized subdomain.

        LayerX Labs Identifies New Zero-Hour Phishing Attack

        Recent cybersecurity data reveals an alarming 130% surge in zero-hour phishing attacks targeting previously unknown browser vulnerabilities.

        These sophisticated attacks leverage unpatched security flaws in popular browsers to deploy malicious payloads before security teams can implement countermeasures, leaving users and organizations extremely vulnerable in the critical first hours of an attack campaign.

        Zero-Hour Phishing Attacks Exploiting Browser Vulnerabilities Increases by 130% [March 20, 2025]

        1 user thanked author for this post.
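
The point quoted in the post above, that a rotated subdomain never matches an exact-hostname blocklist, shown as an added example (not code from LayerX or from any poster). It compares an exact-match lookup with a rule keyed on the hosting suffix of the quoted indicator; the rotated hostname used to exercise it, the `OWNED_ACCOUNTS` allowlist and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosting suffix taken from the indicator quoted in the post.
SHARED_SUFFIX = ".web.core.windows.net"

# Exact-match blocklist holding only the hostname quoted in the post.
BLOCKLIST = {"pushalm83e.z13.web.core.windows.net"}

# Hypothetical allowlist: first labels of hosts the organisation itself owns.
OWNED_ACCOUNTS = {"contosodocs"}


def refang(indicator: str) -> str:
    """Undo common defanging ([.], (.), hxxp) so the value can be parsed."""
    out = indicator.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)


def host_of(indicator: str) -> str:
    """Return the lower-cased hostname of a URL or a bare hostname."""
    value = refang(indicator.strip())
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as netloc
    return (urlsplit(value).hostname or "").rstrip(".").lower()


def exact_match(indicator: str) -> bool:
    """Classic blocklist lookup: hit only when the full hostname is known."""
    return host_of(indicator) in BLOCKLIST


def suffix_policy(indicator: str) -> str:
    """Classify by hosting suffix, so a new random first label still matches."""
    host = host_of(indicator)
    if host in BLOCKLIST:
        return "block"
    if host.endswith(SHARED_SUFFIX):
        account = host.split(".", 1)[0]
        return "allow" if account in OWNED_ACCOUNTS else "review"
    return "no-match"
```

A "review" verdict is meant to feed a proxy or browser policy decision (warn, isolate, or block by default) rather than to stand as proof that a page is malicious.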
    • #2757259

      I assume if or when you might get this fake alert, your Mac is in fact not “locked” but is still working properly?

      The browser becomes inoperable (sometimes on full screen):

      … malicious code caused the webpage to freeze, creating the illusion that the entire computer was locked.

      Microsoft Edge users can hold the ESC key to exit full screen (even on macOS):

      Users can always close a full screen scareware page by PRESSING AND HOLDING the ESC key.

      Anatomy of a scareware scam

      4 users thanked author for this post.