Over half of the infected computers are in the United States, and nearly 20 percent are in Canada.
"This once again refutes claims by some experts that there are no cyber-threats to Mac OS X," the report said.
The trojan began quietly circulating in September under the guise of an Adobe Flash Update. Once installed, the virus disables some security features, allowing hackers to gain control of the computer.
Later versions of the malware used weaknesses in the Java language used for web pages to install the code and infect the machine.
Apple released a security patch for users to download and protect their Macs this week; users who have not yet installed the patch remain exposed.
"People used to say that Apple computers, unlike Windows PCs, can't ever be infected - but it's a myth," Timur Tsoriev, an analyst at the Kaspersky Lab in Russia, told the BBC.