Macintosh applications are almost always code signed today, which is a very good thing. Unfortunately, there is a serious flaw in how macOS handles code signatures that can lead to a false sense of security. Most Mac users, and even most Mac admins, are unaware of these flaws.
Because macOS checks code signatures very infrequently, it is easily possible to hijack a legitimate application that is already installed on the system without triggering any kind of code signature check. Worse, most developers are not aware of this, and do not add their own code signature self-checks. This means that there are countless vulnerable Mac applications in existence on the market.
This is extremely easy to exploit, as will be demonstrated. Fortunately, there are also steps that will be described that developers can take to prevent their apps from being abused in this manner, as well as some ways that admins can flag potential problems with applications on their endpoints, or that techs can use while troubleshooting issues.
Although there is currently no malware known to be taking advantage of this issue, it could easily happen in the future. As macOS appears to be behaving as designed, it will fall on the shoulders of developers to ensure their apps are not vulnerable to such threats.