I found a thread with a similar problem but it didn't seem to have a solution for this situation, so here goes:
I have, on 3 occasions now, received spam email (iPhone XS fake promos) to my personal Gmail account from my own iCloud account.
These emails have only been sent when my Mac is turned on. They show up in my iCloud account's "Sent" folder within the Mail app. I have verified that they have come from the IP address of my Mac. These emails have gone to my personal Gmail account and to no other addresses within my contact list. My Apple login is secured with 2FA and there have been no abnormal login attempts.
I share the Mac with family and it is possible that a ..questionable.. piece of software was installed by my son (pirated version of an app from a torrent site). Though, nothing that would have required an administrator password, which he does not have.
So, what do you think is happening here? And how do I stop it? I am currently using the latest Catalina public beta. I looked into Malwarebytes and it is not yet compatible.
Thank you in advance for any help you can offer!
Best Answer
I believe I've figured this out. This is the well known Gcal spam, but in my case, at least, and I assume @derpymcderpson's case, the Google calendar is linked to Calendar.app (formerly iCal). That means that an email alarm from Calendar when the Gcal spam is added sends an email from your primary email account using Apple Mail (or, more specifically, MailServiceAgent). No hacking. Just unfortunate behavior. It's also, fortunately, why it only goes to your own Gmail account.