The way this malware works is basically the following:
- The malware is introduced as part of an email, typically that looks like it from someone you know.
- The email would, in most cases, include a link to click on ... but not all do and just by opening it may be possible for the malware to "infect" that recipient's device. Similarly, replying to this email would provide the malware originator with your email address ... which, in turn, they may start sending malicious emails to.
This issue is more common with Windows-based computers, and not with Macs ... but Macs are not impervious to malware/adware.
A few things that you can do at this point:
- Try using Malwarebytes for Mac or EtreCheck to locate, and remove, any malware "infections" on your Mac. Do not use dedicated Anti-Virus apps on your Mac for this as they tend to cause more issues than resolve them. Besides, Macs to date, do not get viruses.
You didn't mention what email provider you received this message on. Regardless, you will need to be more diligent going forward to look for other potential malware messages coming your way. If it is an iCloud email account, I strongly suggest that you change your Apple ID password immediately. Manage your Apple ID - Apple
As far as your friend, if they have a Mac, then the same info I provided you would be a good start. If, instead, they have a Windows PC, then it's a "whole different ballgame" on what their next steps would be.
Regardless, the following may come in handy: