Comment by alin23

14 days ago

Notarization is mostly a glorified malware scan. There's no Apple engineer auditing what's being sent for notarization. Even clever malware can evade notarization scans and be distributed as a notarized binary; it has happened in the past [0].

There's no better way for auditing such an app than having the code easily available and looking through it, and compiling it yourself. Which is already the case here.

[0] https://thehackernews.com/2025/12/new-macsync-macos-stealer-...

Your link says that Apple revoked the certificate used to sign the malware by the time the story was published.

  • After a different company detected it, figured out what it did, and reported it to Apple. The app was notarized on November 17, screenshots in the researchers' post are from December 16. That's a month of fully notarized distribution.