There are other posters with far more expertise in this matter than I've got, and I hope some of them will kick in, but my advice is that you run Legacy Download – Little Snitch if you're not already running it.

LS is best described as a reverse firewall, i.e. it prevents calls OUT of your Mac without your permission, and that's effective medicine against a lot of malware. It's got a bit of a learning curve in that you've got to understand what your allowing or denying every time you click on "Allow" or "Deny", but once you've established your basic rules you can coast.

It's a bit pricey, but I imagine that it still allows a trial that, when I used it, necessitated restarting it every two hours.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire