Sophisticated Phishing Campaign Targets Mac Users to Steal Apple ID Credentials

Attackers exploit fake security alerts, webpage freezes, and advanced evasion tactics to deceive Safari users and bypass macOS defenses.

A phishing campaign previously targeting Windows users has shifted focus to Mac users, aiming to steal Apple ID credentials.
The attack employs fake security alerts and malicious code to freeze webpages, making users believe their computers are locked.
Microsoft's new anti-phishing defenses reduced Windows-targeted attacks by 90%, prompting attackers to adapt and target macOS instead.
The campaign uses legitimate hosting platforms and rotating sub-domains to evade detection and delay classification as malicious.
Researchers describe this as one of the most sophisticated phishing attacks against Mac users, highlighting vulnerabilities in Safari's defenses.