Anti-virus vendor Intego is warning of the release of a sophisticated phishing trojan created specifically for the MAC operating system.
The existence of the Mac OS-specific malware in the wild suggests that Apple's success in attracting disaffected Windows users may be spurring hackers to target the machines.
The trojan is picked up by Mac users visiting porn sites who are asked to install a special video codec in order to view the material. The trojan can only be installed if the user deliberately enters a user name and password with administrator access to the Mac machine.
If the user elects to proceed a form of DNSChanger is installed that hijacks some Web requests re-directing machines to bogus phishing sites (for sites such as ebay, PayPal and some banks), or to pages displaying ads for other pornographic Web sites.
In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be harvested. In the latter case, it seems that this is being done solely to generate ad revenue, says Intego.
The malicious trojan, called OSX.RSPlug.A, also checks every minute to make sure its own DNS server is still active.