Sorry to hear that. They seem to be moving the stolen funds between different wallets and addresses. In the end some funds were kept at wallets that stake with EVE4, some ended up here, some here and then moved further…
There are really many many ways how someone could steal your funds. Hardware wallets tend to be most secure when used correctly. There are other options too, but those are less user-friendly.
I have done some research and what I have found is that the scammers use keyloggers or screencapture. Sophos writes about all kinds of malware, there’s a newsletter and you can search. It doesn’t seem possible to have something on your phone or Mac that os capable of initiating a transaction. The wallet is then reconstructed and then they move the assets.
Still, I would be very reluctant to store cryptocurrency on either device. After all, my iPhone was never designed to be used as a safe, only to make phone calls and similar.