The program, dubbed iAdware by the Finnish security company, is possibly the first example offor Macs. It is especially interesting since it doesn't require administrative privileges to nestle itself on the computers, according to F-Secure.
"We won't disclose the exact technique used here, it's a feature not a bug, but let's just say that installing a System Library shouldn't be allowed without prompting the user," according to the F-Secure blog on Thursday.
The program is a proof-of-concept sent to F-Secure and it is not out targeting users on the Internet.
"In theory, this program could be silently installed to your user account and hooked to each application you use," according to the F-Secure blog. "This particular sample successfully launched the Mac's Web browser when we used any of a number of applications."
Malicious software that targets Mac OS X systems is rare and has been limited largely to proof-of-concept code, instead of actual attacks. However, there are indications that, which experts have said is not impervious to attacks.
For example, as part of a campaign called the Month of the Kernel Bugs, several new flaws have been disclosed in Apple Computer software, the latest on Monday in the AppleTalk protocol. Last week, exploit code was released for related to disk image structures.
Apple could not immediately be reached for comment.