This in an alarming article on 9to5mac.com which is well worth a read.
Yes CloudMensis is a very capable piece of malware, but it’s being used in a very targeted fashion. It’s also very unusual in that when it “phone’s home” that can be to cloud storage services rather than a private server. It’s unclear how it was able to defeat the the macOS defences, but some pretty standard security advice can massively reduce the risks to you. Namely, “never open attachments you aren’t expecting, even if they appear to be from a known contact, and only ever download software from the Mac App Store or the websites of developers you trust”.