More than half a million Macs around the world have been infected with variations of the Flashback trojan.
Flashback pinches user names and passwords by monitoring your network traffic.
Russian antivirus company Dr. Web claims that the growing botnet has infected 600,000 Macs with 274 bots located in Cupertino, home of Apple.
56.6 percent of the affected Macs are in the US, 19.8 percent in Canada and 12.8 in the UK.
The Flashback trojan was first discovered in September 2011, disguised as an Adobe Flash Player installer.
New variant triggered by website visit
Two months ago, a new variant began exploiting a security hole in Java. In its new form, a visit to a malicious website will automatically install the Flashback malware.
Apple has now patched the hole, but only just this week.
If you think your Mac could already be infected, F-Secure has instructions on how to remove it.
Article continues below