Anti-virus security company Kaspersky Lab discovered the new Mac Trojan, named Backdoor.OSX.SabPub.a, or "SabPub" for short.
This comes just days after Apple released a tool for detecting and removing the Flashback Trojan, which was able to take remote command of Macs, and then mine their machines for data, such as usernames and passwords.
Just like the Flashback Trojan, the SabPub also gets onto Mac computers via Java, able to infect machines when a specific web link is clicked.
But Alex Gostev, Kaspersky's chief security expert, said that the two threats are "totally different".
According to Mashable, he said: "SabPub is classic backdoor Trojan, so it opens full access to a victim's system for attackers.
"Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people's search engine results inside their web browsers."
However, Gostev noted that the SabPub appears to be targeting specific computers rather than going for a mass outbreak.
"It would seem that the attackers have an extremely select list of victims that is not very large," Gostev said.
SabPub was previously spotted as a vulnerability in Microsoft Word, but the new strain is using Java instead to spread the infection.
"The latest version of SabPub uses the Java exploit to spread infection in a more effective way because the Java exploit is delivered via a drive by download, which occurs when people click on URLs with malware via email," Gostev added.
Kaspersky advised Mac users to update to the latest patch released by Apple as a way to protect against malware, such as SabPub.
Oracle, which took over Java when it bought Sun, issued a fix for the Java flaw in Macs earlier in the year, but Apple delayed issuing the update to its Java users. This enabled hackers to exploit the vulnerability with malware.
Last week, Kaspersky issued a Java update to address the Flashback Trojan, and intends to do the same soon for SabPub as well.
At the time, Gostev said that the three-month delay in issuing a security update for Java was a "bad decision on Apple's part".
"There are a few reasons for this. First, Apple doesn't allow Oracle to patch Java for Mac. They do it themselves, usually several months later. This means the window of exposure for Mac users is much longer than PC users," he said in a statement.
"This is especially bad news since Apple's standard AV update is a rudimentary affair which only adds new signatures when a threat is deemed large enough.
"Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time!
"The problem is exacerbated because - up to now - Apple has enjoyed a mythical reputation for being 'malware free'. Too many users are unaware that their computers have been infected, or that there is a real threat to Mac security."
> Apple criticised over Mac malware response time