This has been fixed. Someone found a way to trigger an unwanted password reset.
So no more trojan and I'm looking into how the password reset was triggered so they can't use this method to gain access any longer.
P.S. Thanks for the extra info in this thread, made it much easier to track down as I'm also on Safari on a Mac