An update was released a few hours ago that is meant to uninstall the Java applet from browsers in OS X that users can download now.
Apple says that the malware was distributed through a website for software developers. They identified some infected computers and isolated them.
Apparently the Java applet is very vulnerable to these threats. From Apple:
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.The update removes the Java applet and the Java Preferences application, "which is no longer required to configure applet settings." Apple says in the update details:
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled "Missing plug-in" to go download the latest version of the Java applet plug-in from Oracle.The update is available through the App Store's updates section as well as on Apple's support website here.
[The Verge]