Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum, which is an annual human rights conference. Dubbed as OSX/KitM.A, discovered by computer security researcher Jacob Appelbaum.
This Mac malware that has been used to spy on activists, targeted via spear phishing attack and had received emails that duped them into installing the malware.
The malware is a backdoor application called "macs.app" which launches automatically upon login. There are two command-and-control servers, located at securitytable.org and docsforum.info.
Interestingly, the malware is signed with an Apple Developer ID, which is designed to prevent the installation of malware, associated with the name Rajender Kumar and the use of the ID appears to be an attempt to bypass Apple's Gatekeeper execution prevention technology.
As of right now, F-Secure is looking into the origination of the malware and though it doesn't appear to be widespread. You can easily uninstall the malware by deleting the macs.app entry from your machine's login items and uninstalling the app which could be located in a number of places including your Mac's home, applications or downloads folders.