Intego researchers recently uncovered a new version of the Flashback Trojan, which they say has already infected many Mac users.
"Flashback.G initially attempts to install itself via one of two Java vulnerabilities," writes The Register's John Leyden. "Failing that, the malicious applet displays a self-signed certificate (claiming to be from Apple) in the hope users just install the malware."
"Once snugly in place, the malware attempts to capture the login credentials users enter on bank websites, PayPal, and many others," Leyden writes.
Go to "New password-snatching Mac Trojan spreading in the wild" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.