Yet days after this Trojan was disclosed together with a code signature, Apple is still relying on third parties to tell them which apps are affected. Meanwhile, we know that Amazon has been scanning their store for (at least) AWS keys for years, and Google has been running Bouncer on their store for longer.

It is well-known that due to Apple's restrictions on third-parties scanning software in their store, malware incidences in the App Store are significantly underreported.