Regarding this Apple EFI malware: https://firmwaresecurity.com/2017/12/03/efivalidate-and-mojo_thor/
most code activity was in 2017, but there’ve been a few changes in the last few weeks, mostly related to the new Apple T2 processor:
https://github.com/rickmark/mojo_thor/commits/master
https://github.com/rickmark/mojo_thor
Apple security readers: it looks like you still need to follow-up with author, see the readme.
PS: The author is also the author of efivalidate:
https://github.com/rickmark/efivalidate
Firmware Security 