Security Grade: Theatrical
"...malware notarized by Apple to run on macOS"
Proof, if more were needed, that notarization is just a thinly veiled ploy by Apple to intermediate themselves between every user and developer. That said, app stores (not just Apple's) seem pretty hopeless at filtering out bad software, rip-offs or surfacing great quality apps. But woe betide devs who quibble over the 30% ticket clipping. They seem to be able to detect in-app purchase bypasses OK.
Gate-keeping, but the horse is long gone.