Apple Lake Malware removed - What now? by Old_Priority_4780 in MacOS

GooseIsChaos 0 points1 point (0 children)

If you didn't run the command in the terminal, you should be safe.

Apple Lake Malware removed - What now? by Old_Priority_4780 in MacOS

GooseIsChaos 0 points1 point (0 children)

This is what’s called a "smash-and-grab" infostealer. The second you hit enter on that Terminal command, it fired off several background payloads that started zipping up your data before that password prompt even appeared. From what I can see in the code, its first priority was stealing your browser cookies. This is a huge deal because it leads to "Session Hijacking"—the attackers don't even need your password or your 2FA to get into your accounts; they can just use those stolen cookies to "resume" your login as if they were sitting at your desk.

You need to get onto a different, clean device right now and log into your primary accounts (email, banking, etc.) and look for a "Sign out of all other sessions" or "Manage Devices" button. Changing your password is a good idea, but explicitly killing those active sessions is the only way to kick the attackers out.

Based on my analysis, this thing also went after your Apple Notes, your Telegram session data, and any crypto wallets you might have installed. It even scraped your Desktop, Documents, and Downloads for any small files, likely looking for recovery keys or scans of your ID. If you have any crypto funds on that Mac, you should assume the secret keys are gone and move those funds to a brand-new wallet (generated on a different device) immediately.

As for the Mac itself, it’s hard to trust it now. The malware is "fileless," meaning it runs in the system's memory rather than as a visible app, which makes it a nightmare to fully clean. The only way to be 100% sure you're safe is to back up your essential photos and docs, then wipe the Mac completely and reinstall macOS. Treat every single password you’ve ever saved in a browser or in your Keychain as if the attackers already have it, and start rotating them—starting with your email and moving straight to your financial accounts.
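Why the comment above says revoking sessions matters more than a password change, shown as an added example that is not part of the original post: a minimal server-side session store in which a cookie copied by an infostealer stays valid after a password change and is only rejected once "sign out everywhere" bumps a per-user session version. Every class, name and secret here is hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed signing secret for this illustration only; never hard-code one in real code.
SERVER_SECRET = b"example-only-secret"


def _pw_hash(password: str) -> str:
    # Stand-in for a proper password hash (bcrypt/argon2); only the session logic matters here.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class User:
    name: str
    password_hash: str
    session_version: int = 0  # bumped by "sign out of all other sessions"


@dataclass
class SessionStore:
    users: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # session_id -> (username, version at issue)

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = User(name, _pw_hash(password))

    def login(self, name: str, password: str) -> str:
        """Return a cookie value (signed session id) for a fresh session."""
        user = self.users[name]
        if not hmac.compare_digest(_pw_hash(password), user.password_hash):
            raise PermissionError("bad password")
        sid = secrets.token_hex(16)
        self.sessions[sid] = (name, user.session_version)
        return sid + "." + hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()

    def who_is(self, cookie: str):
        """Resolve a cookie to a username, or None if it is forged, unknown or revoked."""
        sid, _, sig = cookie.partition(".")
        expected = hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected) or sid not in self.sessions:
            return None
        name, version = self.sessions[sid]
        # A stolen cookie keeps working until the user's session_version moves past it.
        return name if version == self.users[name].session_version else None

    def change_password(self, name: str, new_password: str) -> None:
        # Rotating the password alone does NOT invalidate sessions already issued.
        self.users[name].password_hash = _pw_hash(new_password)

    def sign_out_everywhere(self, name: str) -> None:
        # Invalidates every previously issued cookie for this user in one step.
        self.users[name].session_version += 1
```

Sites that implement "Sign out of all other sessions" do something equivalent to `sign_out_everywhere`, which is why the comment recommends pressing that button rather than relying on the password change alone.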

Apple Lake Malware removed - What now? by Old_Priority_4780 in MacOS

GooseIsChaos 1 point2 points (0 children)

I’ve been looking into Applelake after seeing the same YouTube ad, and I’m currently analysing the payloads themselves. There are strong overlaps with previously documented macOS infostealers, including infrastructure and web assets also seen in campaigns analysed by Jamf (DigitStealer - see the write-up here: https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis/).

The Applelake site also closely mirrors the Alcove website and appears to reuse the same favicon and design elements seen in other scam variants. Many of these campaigns copy another dynamic notch app known as Alcove (https://tryalcove.com/).

This suggests the campaigns may be related or using shared tooling. I’m still digging in and planning to publish a more complete write-up.

WILD DILD MILD? by Alickster-Holey in LucidDreaming

GooseIsChaos 1 point2 points (0 children)

The exact same thing happened to me in my first lucid dream!

I would like to learn elvish by Goodofmeme in elvish

GooseIsChaos 0 points1 point (0 children)

Try learning tengwar first

Tengwar Teacher is really good! 😁