@iska it seems as though this malware mainly targets any macOS user using pCloud, Yandex Disk, and Dropbox. And it primarily affects anyone with System Integrity Protection (SIP) disabled. Or are running Catalina 10.15.6 or earlier.
It does this by bypassing the Transparency Consent and Control (TCC), which basically gives prompts like
“X would like to record your screen, access your camera, etc.”