More than half the infected computers, which could be taken over and used in a "botnet," are based in the United States, the company Dr. Web said.
The malware, known as the Flashback Trojan, masquerades as a Flash Player update, but once downloaded it deactivates some of the computer's security software.
Once installed the Trojan sends a message to the intruder's control server with a unique ID to identify the infected machine.
"By introducing the code criminals are potentially able to control the machine," Dr. Web executive Boris Sharov told the BBC.
"The largest amounts of bots -- based on the IP addresses we identified -- are in the United States, Canada, United Kingdom and Australia, so it appears to have targeted English-speaking people," Sharov said.
In response, Apple released a security update Wednesday that users can trigger by clicking on the software update icon in the computer's system preferences panel.
Kate Moss Playboy shoot is classic Playboy, classic Kate
Man behind Doritos Locos Tacos passed away on Thanksgiving