A sophisticated phishing attack, initially targeting Windows users, has now focused on Mac users, according to security researchers. The attack aims to steal Apple Account credentials through deceptive tactics. The change in target comes after Microsoft, Chrome, and Firefox implemented new security measures that reduced the effectiveness of the attack on Windows platforms.
The phishing attack uses a website popup that mimics a security alert. Malicious code is used to freeze the webpage, creating the illusion that the computer has been locked and adding credibility to the fraudulent alert. This technique is considered highly sophisticated, as previous versions of the attack were hosted on legitimate Microsoft servers, which added to their perceived authenticity.
Mac users, especially those using Safari, are now the primary targets of this campaign. Security researchers note that while phishing attacks against Mac users are not new, this attack is notable for its level of sophistication.
Apple has not released a statement regarding this specific phishing campaign. Users are advised to exercise caution when encountering unexpected security alerts and to avoid entering Apple Account credentials on unfamiliar websites.
More here.