The first ever OS X fake installer malware has been detected by a Russian cyber-security firm.
Doctor Web spotted the Trojan, known as "Trojan.SMSSend.3666".
Up until now, such viruses were only found amongst Windows systems.
The attack aims to dupe users into handing over their mobile number in order to send an "activation code" via text to complete the fake installation process.
The submission of the fake code automatically charges the user a recurring subscription fee.
At this point the damage is done and the malware has achieved its goal. The installer does not even have to finish.
While savvy users will be wary of handing over phone details, the rise of such information requests online from legitimate sites such as Facebook and Twitter surely means some will be conned.
Worried Mac users are advised to set security only on the "Mac App store and identified developers" setting.