Earlier in July, Intego reported the discovery of a new Mac Trojan which it named Crisis.
At the time, the company said it had not been detected in the wild, but it turns out that was not correct.
Intego officials now say a sample of the malware was submitted to VirusTotal by security researchers at DefensiveLab, who obtained the files from a Moroccan journalist whose computer was infected with Crisis.
The company also says the malware is being deployed via a Java and Flash exploits.
Details about the malware's effects are also emerging.
According to Intego, once installed it 'phones home' to collect more malware that captures user activity on Adium, Skype, Microsoft Messenger, Safari and Firefox.
Skype audio traffic, Messenger and Adium messages, and Safari and Firefox URLs and screengrabs are captured and sent to a remote server.
Sophos' analysis says Morcut (its preferred name for Crisis) can also control or monitor mouse coordinates, location, the built-in iSight camera, the internal microphone, keystrokes, the contents of the clipboard, calendar data and alerts, Address Book contacts, and more.
Intego officials note that some of the capability appears to come from a commercial malware package sold by a company called Remote Control System DaVinci for €200,000.