A newly observed variant of the macOS-targeting Proton malware is spreading through a blog spoofing that of legitimate security company Symantec.
The actor behind this threat created symantecblog[dot]com, a good imitation of the real Symantec blog, and even mirrored content from the original. On this blog, a post about a new version of CoinThief, a piece of malware from 2014, promotes an application called “Symantec Malware Detector,” while in fact distributing OSX.Proton instead.
Leave a reply
