Lily Hay Newmman, Wired:

College student Peter Dantini discovered the notarized version of Shlayer while navigating to the homepage of the popular open source Mac development tool Homebrew. Dantini accidentally typed something slightly different than brew.sh, the correct URL. The page he landed on redirected a number of times to a fake Adobe Flash update page. Curious about what malware he might find, Dantini downloaded it on purpose. To his surprise, macOS popped up its standard warning about programs downloaded from the internet, but didn’t block him from running the program. When Dantini confirmed that it was notarized, he sent the information on to longtime macOS security researcher Patrick Wardle.

And:

The campaign is distributing the ubiquitous “Shlayer” adware, which by some counts has affected as many as one in 10 macOS devices in recent years. The malware exhibits standard adware behavior, like injecting ads into search results. It’s not clear how Shlayer slipped past Apple’s automated scans and checks to get notarized, especially given that it’s virtually identical to past versions. But it’s the first known example of malware being notarized for macOS.

Interesting how this stuff gets discovered. All this time and it’s still in the wild. So much so, that it slipped past Apple’s scanners and got notarized.