A malicious website has been discovered that mirrors Symantec blog content, attempting to spread OSX.proton malware by tricking readers into clicking on infected pages.

The website, located at symantecblog[dot]com, points readers to fake security software described as the “Symantec Malware Detector” that claims to detect and remove infections caused by a new variant of the CoinThief malware.

Users who click on the link download OSX.Proton, which is a Trojan horse that opens a backdoor, steals information, and downloads potentially malicious files onto the user’s computer.

Symantec’s legal and brand protection team is aware of the situation and working toward a resolution. Symantec has added detections for OSX.Proton to Norton and Symantec products.