Once permission is granted, it hides itself deep inside macOS folders. The exploit appears as an Adobe Flash Player installer. A decade-old Windows malware trojan wormed its way into the macOS ecosystem, complete with a signed (likely stolen) Apple developer certificate.