Ever Trend Zone The criminals behind phishing attacks targeting Windows users are targeting Mac users instead. The goal is to steal your Apple account credentials (also known as Apple ID).
Security researchers who discovered the fraud say it is one of the most sophisticated attacks ever attached to Mac users…
Security researchers monitoring long-term phishing attacks on Window users have discovered that Mac users are the main target after Microsoft introduced new security measures.
For the past few months, Layerx has been monitoring sophisticated phishing campaigns that first target Windows users under the guise of Microsoft Security alerts. The campaign’s goal was to steal user qualifications by employing deceptive tactics that made victims believe their computers were at risk.
At present, new security features are being deployed by Microsoft, Chrome, and Firefox, so attackers have shifted their focus to Mac users.
The core methods of attack are not new. A website pop-up window disguised as a security alert. But what makes this particular attack possible to deceive so many people is to use malicious code to freeze the web pages you are looking at. This gives credibility to the pop-up claim that the computer is locked.
Layerx says the refinement of the setup has made blocking more difficult. For example, the Windows version was hosted on a real Microsoft server.
The phishing page was hosted on Microsoft’s Windows.NET platform (an open platform by Microsoft for hosting Azure applications). In the context of the attack, this makes the message look legitimate, as it comes from a page in a security warning (probably) Windows (.) net domain.
However, Microsoft last month implemented similar protections in Chrome and Firefox, introducing anti-scare wear features in the Edge browser. This stopped 90% of attacks on Windows PCs, so the attackers focused on Macs running Safari.
They changed both the appearance and wording of the pop-up to make it look legal to Mac users.
Within two weeks of Microsoft’s deployment of new anti-phishing defenses, Layerx began observing attacks on Mac users.
MAC and Safari users have become major targets. Phishing campaigns targeting Mac users have previously existed, but rarely have reached this level of refinement.
That’s not the case but evertrendzone Readers may be fooled and freezing the underlying webpages can be quite convincing for non-tech Mac owners and would like to share them with family and friends.
Highlighted accessories
Via MacWorld. Photo by Alex Bachol.
(TagStoTRASSLATE)SAFARI
