On Thursday, macOS security expert Patrick Wardle published an analysis of Mac malware that came from someone who claimed it infected his fully up-to-date Mac through a zero-day vulnerability in Firefox. The person claimed to have been "involved with a cryptocurrency exchange until fairly recently." The hash of the malware matched one of the hashes provided by Martin.
1/ A little more context on the Firefox 0-day reports. On Monday, Coinbase detected & blocked an attempt by an attacker to leverage the reported 0-day, along with a separate 0-day firefox sandbox escape, to target Coinbase employees.
— Philip Martin (@SecurityGuyPhil) 19 juni 2019