Last year, Apple asked all third-party macOS developers to submit their software for notarization. The process scans an app for malicious components and then adds a flag that, when a user tries to open the app, indicates that Apple did not find anything. If your software is not notarized, macOS Catalina will not run it. That all sounds good, but then Apple accidentally notarized malware disguised as a Flash update program.
Security researcher Patrick Wardle reports that Apple has notarized an app that contains malware called Shlayer. Shlayer works like a Trojan horse and spreads through fake programs to flood users with adware. In this case, the software looks like a Flash updater, but it replaces websites (including those from encrypted sources) and advertisements with its own advertisements.
According to Wardle, Shlayer is the most widespread form of malware on macOS. So it
Wardle reported his results to Apple, which in turn revoked the certification and the developer accounts involved. It didn’t take long for the Shlayer developers to release yet another payload that gained re-certification. Wardle has already reported this variant to Apple, and it has been blocked since then. The game of cat and mouse will likely go on for a long time.