Inspect /Library/LaunchAgents and /Library/LaunchDaemons for suspicious .plist files that you did not intentionally install.
Provide a guide on how to after a potential breach. Why Join the Navy if You Can Be a Pirate? - Gen Digital
These malicious installers often use scripts to create LaunchDaemons , ensuring the malware remains active even after a reboot.
Immediately stop any potential data exfiltration to a command-and-control server.