Ars Technica's Dan Goodin:
3/ We’ve seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted. We’re also releasing a set of IOCs that orgs can use to evaluate their potential exposure.— Philip Martin (@SecurityGuyPhil) June 19, 2019
As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.
Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.
More details can be read at Ars Technica.