You send your binary to Apple and they do some checks before signing it. That’s what “Apple checked this application and found no malware” prompt is.

Also, those signatures can be revoked or even blacklisted if required.