The trojans are definitely coming. As many have probably noticed security researchers found a flaw in OS X that allows attackers to execute arbitrary code. The most popular way is to use Safari and take advantage of the “Open safe files after downloading” feature. The best write-up is from the SANS ISC:
Serious flaw on OS X
You can find the proof of concept exploit here, and a write-up of how it can be exploited via email here.
There is no patch available. In The mean time:

  • Disable “Open safe files after downloading”
  • Use firefox on OS X (Which does not appear to be vulnerable)
  • Be very careful about opening attachements in email and downloaded files

A good step to take if you are suspicious comes from the ISC write-up:

$ unzip
creating: __MACOSX/
inflating: __MACOSX/

The metadata file in this example is This is some binary file, but even running simple strings command on this file will reveal what the real utility used to open the main file is:

$ strings

A zip file could be masking malicious code, so be careful. Oh, and HD Moore has added this to metasploit, exploit here.