The OSX.RSPlug.A phishing Trojan that targets users of Apple's OS X operating system is much more widespread than originally believed, say experts.

David Marcus, security research and communications director at McAfee, told vnunet.com that the Trojan has spread to several sites that offer fake codecs.

Initial reports about the worm indicated that it was distributed as a codec on a porn website that was advertised in spam messages posted on Mac bulletin boards.

The attackers behind the sites crafted the malware to detect the visitor's operating system, allowing them to serve a tailor-made exploit and guarantee a higher rate of infections.

McAfee confirmed that, as reported earlier by Intego, the Trojan infects Mac users with a DNS Changer which redirects web traffic from legitimate sites to either phishing pages or sites that serve ads.

Although the Trojan is being distributed by more sites than originally believed, Marcus noted that there are still few actual infections being reported.

The Trojan is believed to be the first functional piece of malware to be released for OS X.

How it fares could determine whether other malware authors follow suit, according to Marcus. If the Trojan is successful at infecting machines, malware writers are bound to repeat the attack method.

"Ultimately, if the malware is successful and it can make the malware writer money on the Mac platform, it could catch on," he warned.