Once it passes through this automated check, macOS apps can get past the Gatekeeper which is a security feature that checks whether the downloaded apps have been verified for known malicious content.
It was identified that the Shlayer malware created unsigned and unauthorised Shlayer samples that were exploiting a zero-day vulnerability and it was reported to Apple.
As per security researchers, this malware takes advantage of the logical flaws of the Gatekeeper. The vulnerabilities can result in the misclassification of specific apps and therefore would allow policy engines to skip crucial logic which includes alerting the user and removing apps not trusted.
These types of malware variants take advantage of zero-day and can be spread using search engine results wherein malicious websites can be launched by just double-clicking on it.
Apple has fixed this vulnerability by releasing a security update for macOS. Users have been made aware that the malicious apps shouldn’t be opened and have been advised to remove the mounted disk image as it may have malware.