Russian anti-virus vendor Dr Web has warned that up to 600,000 machines have been hit by the malware, leaving them at risk of being used as a 'botnet'.
The creators of the Flashback Trojan exploited weaknesses in Java code to enable the rogue software to install itself on computers without permission. It then sends out a message to the hacker granting them access to the system's contents.
More than half of the infected Macs are thought to be US-based, with 274 located in Apple's home city of Cupertino, California.
Java developer Oracle released a patch earlier this year to correct the vulnerability issue, but the update was not compatible with Apple machines.
Apple released its own security update this week to protect users against the malware. It can be downloaded by selecting 'software update' under system preferences.
Internet security firm F-Secure has provided instructions explaining how to test whether a machine is infected, and remove the malware manually.
> Ramnit worm steals 45,000 Facebook login passwords
> Steve Jobs biographer: 'Apple will settle Google Android dispute'