Potential malware implemented during a session

Hello, I'm a little confused and hope someone can explain to me how it might have happened

So I was working with a freelancer on a program for a specific website, he occasionally connected to my PC to do some fixing and file transfers, unfortunately I don't know exactly which files from my system they transferred and it seems there are no logs for the dates of the sessions (I'm only using teamviewer to connect to the PC from my phone and it might have overwritten it). However while they didn't have my credentials, they somehow connected to my account on this website, but the thing is, there is 2FA enabled and even if they keylogged my password, they wouldn't be able to get over it and even if the program could turn it off. There is login history on the website which shows initial logins but there were no logins other than mine, I could get detailed information about all activities on the website and there were indeed other ips that were using my account but they didn't do initial logins which would defintely appear in the login history. I thought that they might have accessed my account because I logged in the program and entered the 2FA, but after it I deleted the program and log out of all devices several times and yet they somehow secretly got into my account again and again. I did check up of my entire system with a few antivirus programs and there was nothing like this. Is it possible that they somehow can access my chrome browser and that's how they could get over the 2FA after I logged in or what else it can be? Also I use the same google account on my chrome on mac, is it safe to keep using it, considering that they never connected to it?