“And according to the analysis, this is exactly what they did. They used a different cert to sign their malware.
I have to admit that Windows' UAC is better in that regard, as it shows the signee's name. But of course this is only useful if you know the "right" name.”
“Yeah, I think this is a major issue on OS X. For the average user it is impossible to tell who signed an app, if it is sandboxed, and what permissions it has. Hell, using the codesign command to extract entitlements from all binaries in a package is hard even for advanced users...
(There is a third-party tool named RB App Checker which does make these tasks a bit easier, though)”
…in this comment thread: https://news.ycombinator.com/item?id=11234966