Intego claims to have "discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs."
OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer.
SANS reported on this, but I found the comments on their post here interesting: [isc.sans.edu...] I share the concerns of this poster:
What bugs me most is that Intego found this spyware, yet refuses to tell how to detect if you're infected, and how to remove, other than buying (or using) their virus scanner.
The Washington Post said it pretty well:
The relative obviousness of this one Mac trojan doesn't make Apple's platform invulnerable--for evidence to the contrary, see the successful attacks demonstrated against fully-patched versions of OS X at the annual Pwn2Own security conference. [voices.washingtonpost.com...]
you could try this program: [macscan.securemac.com...] it is not free but there is a free trial. it does seem to work well at finding spy ware, but i have not seen the spyware that you are speaking of come up before.